Add read-only path type
[hcoop/domtool2.git] / scripts / domtool-addcert
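#!/bin/sh
# domtool-addcert: generate an RSA private key for a user and have the
# local CA sign a certificate for it.
#
# Usage: domtool-addcert USERNAME
#
# Writes:
#   /afs/hcoop.net/common/etc/domtool/keys/USERNAME/key.pem  (private key)
#   /afs/hcoop.net/common/etc/domtool/certs/USERNAME.pem     (certificate)
#
# Re-running for an existing USERNAME overwrites key.pem.

# Options are set here rather than on the shebang line so they still
# apply when the script is started as "sh domtool-addcert".
set -eu

# USERNAME is spliced into file paths, an AFS ACL entry and the
# certificate subject, so refuse anything that could escape the key/cert
# directories ("/", a leading "."), be parsed as an option (a leading
# "-"), or add extra answer lines to the openssl req input (whitespace).
# NOTE(review): the allowed character set is an assumption; widen it if
# the site permits other characters in user names.
user=${1:-}
case $user in
  '' | -* | .* | *[!A-Za-z0-9._-]*)
    printf 'Usage: %s USERNAME\n' "${0##*/}" >&2
    exit 2
    ;;
esac

# Explicit key size: the genrsa default depends on the installed OpenSSL
# version, so do not rely on it.
KEYBITS=2048
KEYDIR=/afs/hcoop.net/common/etc/domtool/keys/$user
KEYFILE=$KEYDIR/key.pem
CERTFILE=/afs/hcoop.net/common/etc/domtool/certs/$user.pem

# Scratch space: a fresh private directory under $HOME instead of fixed
# dot-file names, removed on every exit path (including failures under
# set -e and the signals trapped below).
WORKDIR=$(mktemp -d "$HOME/.domtool-addcert.XXXXXX")
trap 'rm -rf -- "$WORKDIR"' EXIT
trap 'exit 1' HUP INT TERM
NEWREQ=$WORKDIR/newreq.pem

# Only an already-existing directory is tolerated; any other mkdir
# failure (permissions, missing parent) now stops the script instead of
# being reported as "Already exists".
if [ -d "$KEYDIR" ]; then
  echo Already exists
else
  mkdir "$KEYDIR"
fi

openssl genrsa -out "$KEYFILE" "$KEYBITS"
chown -R domtool:domtool "$KEYDIR"
# Grant the user read access to their own key directory.
fs sa "$KEYDIR" "$user" read

# Answers to the interactive openssl req prompts, one per line: "." for
# each of the first five prompts, then USERNAME, USERNAME@hcoop.net, and
# two empty answers for the remaining prompts.
# -days has no effect on a plain request (it only applies with -x509);
# the certificate lifetime is decided by the "openssl ca" step below.
openssl req -new -key "$KEYFILE" -out "$NEWREQ" -days 365 <<EOF
.
.
.
.
.
$user
$user@hcoop.net


EOF

# Only the request is handed to the CA. The private key is no longer
# copied into a second file next to it: "openssl ca" signs the request
# and has no use for the key.
openssl ca -batch -config /etc/domtool/openssl.cnf -policy policy_anything \
  -out "$CERTFILE" -infiles "$NEWREQ"

chown domtool:domtool "$CERTFILE"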