4 if test -z "$USER"; then
5 echo Usage
: domtool-addcert USERNAME
# Locations of the per-user private key and the issued certificate in AFS.
# NOTE(review): $USER is spliced into both paths as-is; nothing in the lines
# shown restricts it to a plain account name, so confirm it is validated
# before this point (no "/" or ".." components).
KEYDIR="/afs/hcoop.net/common/etc/domtool/keys/${USER}"
KEYFILE="${KEYDIR}/key.pem"
CERTFILE="/afs/hcoop.net/common/etc/domtool/certs/${USER}.pem"
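# Create the per-user key directory and generate the RSA private key in it.
# Expansions are quoted so a value with whitespace or glob characters cannot
# split into extra arguments.
#
# Any mkdir failure is reported as "already exists" and the run continues, so
# a key.pem already present in that directory is overwritten by genrsa below.
mkdir "$KEYDIR" || echo "Key directory already exists."

# No bit length is passed, so the key size is whatever this openssl build
# defaults to. NOTE(review): pin an explicit size, and confirm the ACL the new
# directory starts with does not expose key.pem before "fs sa" runs.
openssl genrsa -out "$KEYFILE"

# Hand the key directory and its contents to the domtool account
# (":" is the portable owner:group separator; "." is a legacy spelling).
chown -R domtool:domtool "$KEYDIR"

# Grant $USER the AFS "read" ACL on the key directory (fs sa = fs setacl).
# A failure here is only reported; the script carries on to the signing steps.
fs sa "$KEYDIR" "$USER" read || echo "This must be a server principal."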
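# Append the user's hcoop.net address to the answers file that is fed to
# "openssl req" on stdin below. KEYIN, NEWREQ and NEW are assigned outside the
# lines shown here.
echo "$USER@hcoop.net" >>"$KEYIN"

# Build a certificate request for the key, answering the prompts from $KEYIN.
# NOTE(review): -days has no effect on a request made without -x509; the
# certificate lifetime is decided when "openssl ca" signs it, so confirm the
# value configured there.
openssl req -new -key "$KEYFILE" -out "$NEWREQ" -days 365 <"$KEYIN"

# Concatenate the request and the private key into $NEW, the file later passed
# to "openssl ca -infiles".
# NOTE(review): this leaves a second copy of the private key in $NEW. Its
# location is set outside this view; make sure it is a private temporary file
# that is removed afterwards, or pass only the request if the CA step does not
# need the key.
cat "$NEWREQ" "$KEYFILE" >"$NEW"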
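# Sign the request with the domtool CA and write the certificate to $CERTFILE.
# -batch signs without asking for confirmation.
# NOTE(review): policy_anything is defined in /etc/domtool/openssl.cnf, which
# is not shown here. If it matches the stock OpenSSL policy of that name it
# puts no constraint on the subject fields, so the request contents alone
# decide the certificate subject; confirm that is intended.
openssl ca -batch -config /etc/domtool/openssl.cnf -policy policy_anything \
  -out "$CERTFILE" -infiles "$NEW"

# Give the issued certificate to the domtool account. The exit status of
# "openssl ca" is not checked in the lines shown, so this runs even if signing
# failed (unless errexit is enabled outside this view).
chown domtool:domtool "$CERTFILE"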