init.d script for domtool-slave
[hcoop/domtool2.git] / scripts / domtool-addcert
1 #!/bin/sh -e
2
3 KEYDIR=/afs/hcoop.net/common/etc/domtool/keys/$1
4 KEYFILE=$KEYDIR/key.pem
5 CERTFILE=/afs/hcoop.net/common/etc/domtool/certs/$1.pem
6 NEWREQ=~/.newreq.pem
7 NEW=~/.new.pem
8 KEYIN=~/.keyin
9
10 mkdir $KEYDIR || echo Already exists
11 openssl genrsa -out $KEYFILE
12 chown -R domtool.domtool $KEYDIR
13 fs sa $KEYDIR $1 read
14 echo "." >$KEYIN
15 echo "." >>$KEYIN
16 echo "." >>$KEYIN
17 echo "." >>$KEYIN
18 echo "." >>$KEYIN
19 echo "$1" >>$KEYIN
20 echo "$1@hcoop.net" >>$KEYIN
21 echo "" >>$KEYIN
22 echo "" >>$KEYIN
23 openssl req -new -key $KEYFILE -out $NEWREQ -days 365 <$KEYIN
24 rm $KEYIN
25 cat $NEWREQ $KEYFILE >$NEW
26 rm $NEWREQ
27 openssl ca -batch -config /etc/domtool/openssl.cnf -policy policy_anything -out $CERTFILE -infiles $NEW
28 rm $NEW
29 chown domtool.domtool $CERTFILE