bourne shell vs bashism fix
[hcoop/domtool2.git] / scripts / domtool-addcert
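#!/bin/sh
# domtool-addcert: create an RSA key and a CA-signed certificate for one user.
#
# Usage: domtool-addcert USERNAME
#
# Writes the private key to
#   /afs/hcoop.net/common/etc/domtool/keys/USERNAME/key.pem
# and the signed certificate to
#   /afs/hcoop.net/common/etc/domtool/certs/USERNAME.pem
#
# Must stay POSIX sh (no bashisms).

# Options set here rather than on the shebang line, where they are lost when
# the script is started as `sh domtool-addcert`.
set -eu

# NOTE(review): this assignment also replaces the login-name variable USER for
# every child process; kept as-is because the openssl configuration may read
# it from the environment. Confirm before renaming.
USER="${1:-}"
if test -z "$USER"; then
  echo "Usage: domtool-addcert USERNAME" >&2
  exit 1
fi

# USERNAME is pasted into file-system paths and into the certificate subject.
# Refuse values that would leave the keys/ and certs/ directories, be parsed
# as an option by the tools below, or inject extra answer lines into the
# certificate request.
case "$USER" in
  */* | -* | . | .. | *[[:space:][:cntrl:]]*)
    echo "domtool-addcert: invalid user name: $USER" >&2
    exit 1
    ;;
esac

KEYDIR="/afs/hcoop.net/common/etc/domtool/keys/$USER"
KEYFILE="$KEYDIR/key.pem"
CERTFILE="/afs/hcoop.net/common/etc/domtool/certs/$USER.pem"

# Scratch files live in a private, unpredictable directory instead of fixed
# dot-files in $HOME: concurrent runs no longer overwrite each other, and the
# copy of the private key in $NEW is removed on every exit path, including a
# failure of `openssl ca` under `set -e`.
WORKDIR=$(mktemp -d)
trap 'rm -rf -- "$WORKDIR"' EXIT
trap 'exit 1' HUP INT TERM
NEWREQ="$WORKDIR/newreq.pem"
NEW="$WORKDIR/new.pem"
KEYIN="$WORKDIR/keyin"

# Only an existing directory is tolerated; any other mkdir failure now aborts
# instead of being reported as "already exists".
if test -d "$KEYDIR"; then
  echo "Key directory already exists."
else
  mkdir "$KEYDIR"
fi

# Create the private key with owner-only mode bits regardless of the caller's
# umask.
# NOTE(review): no key size is given, so the installed openssl's default
# applies; confirm it meets current policy.
(
  umask 077
  openssl genrsa -out "$KEYFILE"
)
chown -R domtool:nogroup "$KEYDIR"
fs sa "$KEYDIR" "$USER" read || echo "This must be a server principal."

# Answers for the interactive `openssl req` prompts: five fields left blank
# with ".", then the user name and e-mail address (presumably common name and
# e-mail; the prompt order comes from the openssl configuration in use), then
# two empty answers.
{
  printf '.\n.\n.\n.\n.\n'
  printf '%s\n' "$USER" "$USER@hcoop.net"
  printf '\n\n'
} >"$KEYIN"

# -days has no effect on a plain request (it applies only with -x509); kept so
# the invocation is unchanged.
openssl req -new -key "$KEYFILE" -out "$NEWREQ" -days 365 <"$KEYIN"
rm "$KEYIN"

# NOTE(review): the private key is appended to the CA input file. `openssl ca`
# only needs the request; confirm whether this key copy is required at all.
cat "$NEWREQ" "$KEYFILE" >"$NEW"
rm "$NEWREQ"
openssl ca -batch -config /etc/domtool/openssl.cnf -policy policy_anything \
  -out "$CERTFILE" -infiles "$NEW"
rm "$NEW"
chown domtool:nogroup "$CERTFILE"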