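#!/bin/sh
#
# Generate an RSA private key for one user and have the local domtool CA
# sign a certificate for it.
#
# Usage: <this script> USERNAME
#
# Writes:
#   /afs/hcoop.net/common/etc/domtool/keys/USERNAME/key.pem   private key
#   /afs/hcoop.net/common/etc/domtool/certs/USERNAME.pem      signed certificate
#
# An existing key.pem for USERNAME is overwritten.
set -eu

die() {
  printf '%s\n' "$*" >&2
  exit 1
}

if [ "$#" -lt 1 ]; then
  printf 'Usage: %s USERNAME\n' "${0##*/}" >&2
  exit 2
fi

user=$1

# USERNAME becomes a path component, an AFS ACL entry and the certificate's
# commonName, so it is restricted to a conservative character set. An empty
# or slash-bearing value would otherwise point the recursive chown below at
# the wrong directory.
# NOTE(review): the allowed set is an assumption; confirm it matches the
# site's account-name rules.
case $user in
  '' | -* | .* | *[!A-Za-z0-9._-]*)
    die "invalid user name: $user"
    ;;
esac

KEYDIR=/afs/hcoop.net/common/etc/domtool/keys/$user
KEYFILE=$KEYDIR/key.pem
CERTFILE=/afs/hcoop.net/common/etc/domtool/certs/$user.pem

# Scratch space: a private, unpredictable directory that is removed on every
# exit path, rather than fixed dot-file names in $HOME that collide between
# concurrent runs and are left behind when a step fails.
WORKDIR=$(mktemp -d) || die "mktemp failed"
trap 'rm -rf -- "$WORKDIR"' EXIT
trap 'exit 1' HUP INT TERM
NEWREQ=$WORKDIR/newreq.pem

mkdir -p -- "$KEYDIR"

# Create the key with a restrictive mode and an explicit size; the default
# size of `openssl genrsa` has varied between OpenSSL releases.
# The key is written unencrypted, so the directory ACL set below is what
# protects it.
saved_umask=$(umask)
umask 077
openssl genrsa -out "$KEYFILE" 2048
umask "$saved_umask"

chown -R domtool:domtool -- "$KEYDIR"
fs sa "$KEYDIR" "$user" read

# Answers for the interactive `openssl req` prompts, one per line: five "."
# entries leave the leading DN fields empty, then commonName and e-mail
# address, then two empty answers for the trailing prompts.
# NOTE(review): the prompt order comes from the openssl.cnf that `req` loads,
# which is not visible here; confirm that it still asks exactly these nine.
# -days only takes effect together with -x509, so it is inert for a CSR; the
# certificate lifetime is decided by `openssl ca`.
printf '%s\n' . . . . . "$user" "$user@hcoop.net" '' '' |
  openssl req -new -key "$KEYFILE" -out "$NEWREQ" -days 365

# The original concatenated the CSR and the private key into one file before
# signing. `openssl ca` only needs the request, so the CSR is passed on its
# own and no second plaintext copy of the key is ever written.
# NOTE(review): policy_anything in the stock openssl.cnf accepts whatever
# subject the request carries; if /etc/domtool/openssl.cnf defines it the same
# way, the USERNAME check above is the only control on the issued commonName.
openssl ca -batch -config /etc/domtool/openssl.cnf -policy policy_anything \
  -out "$CERTFILE" -infiles "$NEWREQ"

chown domtool:domtool -- "$CERTFILE"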