X-Git-Url: https://git.hcoop.net/hcoop/domtool2.git/blobdiff_plain/e903f39884591490f7a023a730149cb1894b499d..1b96e27daa5e23d69adc832183c947ebcdf1d658:/scripts/domtool-addcert diff --git a/scripts/domtool-addcert b/scripts/domtool-addcert index 3f2313f..6e58197 100755 --- a/scripts/domtool-addcert +++ b/scripts/domtool-addcert @@ -1,23 +1,29 @@ #!/bin/sh -e - KEYDIR=/afs/hcoop.net/common/etc/domtool/keys/$1 +USER="$1" +if test -z "$USER"; then + echo Usage: domtool-addcert USERNAME + exit 1 +fi + + KEYDIR=/afs/hcoop.net/common/etc/domtool/keys/$USER KEYFILE=$KEYDIR/key.pem -CERTFILE=/afs/hcoop.net/common/etc/domtool/certs/$1.pem +CERTFILE=/afs/hcoop.net/common/etc/domtool/certs/$USER.pem NEWREQ=~/.newreq.pem NEW=~/.new.pem KEYIN=~/.keyin -mkdir -p $KEYDIR +mkdir $KEYDIR || echo Key directory already exists. openssl genrsa -out $KEYFILE -chown -R domtool.domtool $KEYDIR -fs sa $KEYDIR $1 read +chown -R domtool.nogroup $KEYDIR +fs sa $KEYDIR $USER read || echo This must be a server principal. echo "." >$KEYIN echo "." >>$KEYIN echo "." >>$KEYIN echo "." >>$KEYIN echo "." >>$KEYIN -echo "$1" >>$KEYIN -echo "$1@hcoop.net" >>$KEYIN +echo "$USER" >>$KEYIN +echo "$USER@hcoop.net" >>$KEYIN echo "" >>$KEYIN echo "" >>$KEYIN openssl req -new -key $KEYFILE -out $NEWREQ -days 365 <$KEYIN @@ -26,4 +32,4 @@ cat $NEWREQ $KEYFILE >$NEW rm $NEWREQ openssl ca -batch -config /etc/domtool/openssl.cnf -policy policy_anything -out $CERTFILE -infiles $NEW rm $NEW -chown domtool.domtool $CERTFILE +chown domtool.nogroup $CERTFILE
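Review bot: The argument check added at `if test -z "$USER"` rejects only an empty argument, yet `$USER` is then interpolated unquoted into `KEYDIR`, `CERTFILE` and the request subject fields, so a value containing `/` or `..` (e.g. `../certs/foo`) creates a key directory and signs a certificate outside the keys tree; restricting it to principal-name characters closes that, e.g. `case "$USER" in ''|*[!A-Za-z0-9._-]*) echo "Usage: domtool-addcert USERNAME" >&2; exit 1;; esac`. The `|| echo ...` tails added to `mkdir $KEYDIR` and `fs sa` switch `sh -e` off for the two steps where stopping matters most: any mkdir failure (permission denied, AFS unreachable, path is a file) prints the misleading "already exists" message and the script goes on, and when the directory genuinely exists the very next line, `openssl genrsa -out $KEYFILE`, silently replaces the principal's existing private key before the certificate is re-issued over it, while a failed `fs sa` still ends the run with a signed certificate whose key the principal presumably cannot read. Both should abort rather than warn, e.g. `mkdir "$KEYDIR" || { echo "Key directory $KEYDIR exists; refusing to overwrite $KEYFILE" >&2; exit 1; }` and `fs sa "$KEYDIR" "$USER" read || { echo "fs sa failed; $USER must be a server principal" >&2; exit 1; }`. Finally, if `USER` is exported in the caller's environment (it normally is), assigning the argument to it changes what every child process (`openssl`, `fs`, `chown`) sees as its `USER`, so a dedicated name such as `PRINCIPAL` would be less surprising.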