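#!/bin/sh
# Issue a certificate signed by a small local CA, creating the CA on first use.
#
# Usage: <script> CA_BASENAME NAME
#   CA_BASENAME  the CA certificate and key are CA_BASENAME.crt / CA_BASENAME.key
#   NAME         fed to openssl as the subject name, and used as the output
#                basename: NAME.pem (private key) and NAME.crt (certificate)
#
# NOTE(review): both `openssl req` command lines were lost when this page was
# extracted; only `cat -<`, the heredoc answers and `/dev/null 2>&1` survived.
# The two `openssl req` calls below are reconstructions from what the rest of
# the script reads (key.pem, key.req, $1.crt, $1.key). Confirm their options,
# and the heredoc answers, against the original before relying on them.
#
# Changes from the listing as published:
#   * openssl output is no longer thrown away; it is shown when a step fails,
#     and a failed step stops the run instead of moving stale files into place
#   * umask 077, so private keys are not created group/world readable
#   * the CA is only generated when neither CA file exists (the published test
#     looked at "$1", a path nothing visible here creates, so the CA would
#     have been regenerated on every run)
#   * all expansions are quoted, so names containing spaces work

set -u
umask 077

# Print a message to stderr and stop.
die () {
  printf '%s\n' "$*" >&2
  exit 1
}

# Run a command with its output captured; replay the output on stderr only
# when the command fails. stdin is passed through, so a heredoc still works.
run_quiet () {
  if run_quiet_log=$("$@" 2>&1); then
    return 0
  fi
  printf '%s\n' "$run_quiet_log" >&2
  return 1
}

make_key () {
  # Takes one argument, the Distinguished name.
  # Creates a key (key.pem) and a single signed cert (cert.pem) in the
  # current directory, using the CA named by the globals CACERT and CAKEY.
  # Returns non-zero if any step fails. Scratch files (database, config,
  # serial, key.req) are removed on both paths.

  # A file left over from an earlier run must not pass for a fresh result.
  rm -f key.pem key.req cert.pem
  mk_rc=0
  {
    # Answers to the interactive subject prompts, in the order shown on the
    # page: "." blanks a field, and $1 lands on the sixth prompt. The two
    # trailing blank lines accept the default for any further prompt;
    # blank lines would not have survived the page's whitespace collapse, so
    # whether the original had them is unknown. -nodes (unencrypted key) is
    # assumed because nothing visible ever supplies a passphrase.
    run_quiet openssl req -new -nodes -keyout key.pem -out key.req <<EOF &&
.
.
.
.
.
$1
.


EOF
    # Derive the next serial number from the CA certificate itself, so no
    # persistent CA database has to be kept between runs.
    run_quiet openssl x509 -in "$CACERT" -noout -next_serial -out serial &&
    touch database database.attr &&
    cp /usr/lib/ssl/openssl.cnf config &&
    # Point the copied config's database= and serial= at the scratch files.
    perl -pi -e 's/(database|serial)\s*=.+/$1=$1/' config &&
    # -batch signs without asking and policy_anything accepts any subject,
    # so whoever can run this script can mint any name under this CA.
    run_quiet openssl ca -config config -policy policy_anything \
      -keyfile "$CAKEY" -cert "$CACERT" \
      -out cert.pem -outdir . -notext -days 9000 -batch -infiles key.req
  } || mk_rc=1
  rm -f database database.attr database.old database.attr.old config serial serial.old
  rm -f key.req
  return "$mk_rc"
}

if [ "$#" -lt 2 ] || [ -z "$1" ] || [ -z "$2" ]; then
  die "usage: ${0##*/} CA_BASENAME NAME"
fi

CACERT=$1.crt
CAKEY=$1.key

if [ ! -e "$CACERT" ] && [ ! -e "$CAKEY" ]; then
  # First use: create a self-signed CA. Answers are reproduced in page order.
  # NOTE(review): the page shows four "." before "My CA Key"; with the stock
  # seven-prompt subject that puts the text in the fifth field and blanks the
  # sixth, so a line may have been lost in extraction. -days is assumed to
  # match the 9000-day lifetime used for issued certificates. Confirm both.
  run_quiet openssl req -new -x509 -nodes -days 9000 \
    -keyout "$CAKEY" -out "$CACERT" <<EOF || die "could not create CA $1"
.
.
.
.
My CA Key
.


EOF
elif [ ! -e "$CACERT" ] || [ ! -e "$CAKEY" ]; then
  # Half a CA on disk: stop rather than overwrite the surviving file.
  die "found only one of $CACERT and $CAKEY; refusing to regenerate the CA"
fi

make_key "$2" || die "could not issue a certificate for $2"
mv -- key.pem "$2.pem" || die "could not write $2.pem"
mv -- cert.pem "$2.crt" || die "could not write $2.crt"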