# NOTE(review): this is an excerpt of a per-user key/cert issuing script for the
# domtool CA (inferred from the openssl/domtool-config calls below — confirm).
# The shebang and the line that sets $USER (presumably from $1) are before this
# excerpt, and several original lines between the ones shown are missing, so the
# matching `fi`/`exit` lines and the definitions of $KEYIN, $NEWREQ, $NEW and
# $ROOTCMD are not in view.
#
# NOTE(review): $USER is the username argument here (it shadows the login-name
# environment variable). It is expanded unquoted into every path, the getent
# lookup, chown and `fs sa` below, so a value containing whitespace, glob
# characters, '/' or '..' changes which files are created and chowned —
# validate it against a strict allow-list (e.g. [A-Za-z0-9._-]+) before this
# point.
if test -z "$USER"; then
echo Usage: domtool-addcert USERNAME
# ... exit/fi for the usage check are outside this excerpt ...

# Per-user locations derived from domtool-config output; backticks and
# unquoted $USER as noted above.
KEYDIR=`domtool-config -path cert keys`/$USER
KEYFILE=$KEYDIR/key.pem
CERTFILE=`domtool-config -path cert certs`/$USER.pem
CACONF=`domtool-config -path cert ca`/domtool-openssl.conf

# `||` only prints a message: any mkdir failure (pre-existing dir, permissions,
# missing parent) is swallowed and the script continues to write the key.
# No -m mode is given, so the directory mode follows the caller's umask.
mkdir $KEYDIR || echo Key directory already exists.
# 4096-bit RSA private key. The chown/chmod steps that would restrict it are
# commented out below, so the key's ownership is left to the later chown and
# its mode to openssl's default / umask — verify on the target system.
openssl genrsa -out $KEYFILE 4096
# chown -R domtool.nogroup $KEYDIR
# chmod for non-afs systems

# Second argument `-unsafe` skips the principal check and the ownership/ACL
# handoff. The closing `fi` of this block is outside the excerpt.
if [ "$2" != '-unsafe' ]; then
# Only prints when the account is missing; whether it exits afterwards is not
# visible here (the following original line is missing).
if [ -z "`getent passwd $USER`" ]; then
echo "$USER does not exist. This must be a server principal."
# Hands the key directory to the principal. `user.group` is the legacy
# separator; `user:group` is the portable form.
chown -R $USER.nogroup $KEYDIR
# AFS ACL: grant read on the key directory to the principal. A failure is only
# echoed, not acted on.
fs sa $KEYDIR $USER read || echo This must be a server principal.

# Appends the subject answer to the stdin file for `openssl req`. $KEYIN is
# defined outside this excerpt — presumably a temp file; confirm it is created
# with mktemp and removed afterwards, since it is appended to, not created.
# fixme: domtool-config -domain
echo "$USER@`domtool-config -domain`" >>$KEYIN
# Generates the CSR. NOTE(review): `-days` applies to `req -x509` self-signed
# output; with plain `-new` it has no effect on a CSR — confirm against the
# installed openssl and drop it if so. Validity is then set by `openssl ca`
# (its config/default), not here.
openssl req -new -key $KEYFILE -out $NEWREQ -days 365 <$KEYIN
# Bundles CSR + private key into $NEW, which `openssl ca -infiles` reads below.
# NOTE(review): this makes a second copy of the private key whose mode follows
# the umask and which may be read in a privileged context ($ROOTCMD); nothing
# in view deletes it — confirm cleanup exists after the signing step.
cat $NEWREQ $KEYFILE >$NEW

# Insecure CA is OK for development, and if the CA is in afs it is
# assumed the script is being run with sufficient
# permissions. Otherwise, become root to use the ca private key,
# (the branch body, presumably setting $ROOTCMD, is outside this excerpt)
if [ ! -r $CACONF ]; then
# Signs the CSR non-interactively (-batch suppresses the confirmation prompt).
# The config path is recomputed via domtool-config rather than reusing $CACONF
# set above; the two agree only if domtool-config returns the same value on
# both calls.
$ROOTCMD openssl ca -batch -config `domtool-config -path cert ca`/domtool-openssl.conf -out $CERTFILE -infiles $NEW
# Certificate ownership is left as created (chown disabled).
#chown domtool.nogroup $CERTFILE