| | 1 | #!/bin/sh -e |
| | 2 | |
| | 3 | USER="$1" |
| | 4 | if test -z "$USER"; then |
| | 5 | echo Usage: domtool-addcert USERNAME |
| | 6 | exit 1 |
| | 7 | fi |
| | 8 | |
| | 9 | KEYDIR=/afs/hcoop.net/common/etc/domtool/keys/$USER |
| | 10 | KEYFILE=$KEYDIR/key.pem |
| | 11 | CERTFILE=/afs/hcoop.net/common/etc/domtool/certs/$USER.pem |
| | 12 | NEWREQ=~/.newreq.pem |
| | 13 | NEW=~/.new.pem |
| | 14 | KEYIN=~/.keyin |
| | 15 | |
| | 16 | mkdir $KEYDIR || echo Key directory already exists. |
| | 17 | openssl genrsa -out $KEYFILE |
| | 18 | chown -R domtool.nogroup $KEYDIR |
| | 19 | fs sa $KEYDIR $USER read || echo This must be a server principal. |
| | 20 | echo "." >$KEYIN |
| | 21 | echo "." >>$KEYIN |
| | 22 | echo "." >>$KEYIN |
| | 23 | echo "." >>$KEYIN |
| | 24 | echo "." >>$KEYIN |
| | 25 | echo "$USER" >>$KEYIN |
| | 26 | echo "$USER@hcoop.net" >>$KEYIN |
| | 27 | echo "" >>$KEYIN |
| | 28 | echo "" >>$KEYIN |
| | 29 | openssl req -new -key $KEYFILE -out $NEWREQ -days 365 <$KEYIN |
| | 30 | rm $KEYIN |
| | 31 | cat $NEWREQ $KEYFILE >$NEW |
| | 32 | rm $NEWREQ |
| | 33 | openssl ca -batch -config /etc/domtool/openssl.cnf -policy policy_anything -out $CERTFILE -infiles $NEW |
| | 34 | rm $NEW |
| | 35 | chown domtool.nogroup $CERTFILE |
HCoop / hcoop / domtool2.git / blame_incremental