#!/bin/sh -e

  KEYDIR=/afs/hcoop.net/common/etc/domtool/keys/$1
 KEYFILE=$KEYDIR/key.pem
CERTFILE=/afs/hcoop.net/common/etc/domtool/certs/$1.pem
  NEWREQ=~/.newreq.pem
     NEW=~/.new.pem
   KEYIN=~/.keyin

mkdir $KEYDIR || echo Already exists
openssl genrsa -out $KEYFILE
chown -R domtool.domtool $KEYDIR
fs sa $KEYDIR $1 read
echo "." >$KEYIN
echo "." >>$KEYIN
echo "." >>$KEYIN
echo "." >>$KEYIN
echo "." >>$KEYIN
echo "$1" >>$KEYIN
echo "$1@hcoop.net" >>$KEYIN
echo "" >>$KEYIN
echo "" >>$KEYIN
openssl req -new -key $KEYFILE -out $NEWREQ -days 365 <$KEYIN
rm $KEYIN
cat $NEWREQ $KEYFILE >$NEW
rm $NEWREQ
openssl ca -batch -config /etc/domtool/openssl.cnf -policy policy_anything -out $CERTFILE -infiles $NEW
rm $NEW
chown domtool.domtool $CERTFILE