#!/bin/sh


# licence : GPL v2
# copyright : 8d technologies, xavier renaut


#  /etc/ssl/ca/ca
# usage : 
# 
# /etc/ssl/8D/www.lapa.8d.com :
# cert_client_create.sh www.lapa.8d.com /etc/ssl/8D/cacert
# cert_client_create.sh lsacaut.jason.jala.stunnel /etc/ssl/8D/jason.holo.8d.com/jason.holo.8d.com

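# Create the client credentials for the name given in $1, signed by the CA
# whose files share the base path given in $2:
#   reads   $2.pem (CA certificate), $2.key (CA private key), $2.srl (serial)
#   writes  $1.key, $1.csr, $1.dh, $1.crt, $1.p12 and $1.pem in the
#           current directory
# Exits 1 on a usage error or as soon as any openssl step fails.
if [ -z "$1" ] || [ -z "$2" ]; then
  echo "cert_client_create.sh username path_certificate/base_name_for_certificate?" >&2
  exit 1
fi
i=$1
# path certificate
pc=$2

# $i.key, $i.p12 and $i.pem all hold the private key; create them readable
# by the owner only.
umask 077

# Ask openssl to create the CA serial file only if there is none yet.
cs=""
[ -f "${pc}.srl" ] || cs='-CAcreateserial'

# Every step stops the script on failure, so a stale $i.csr or $i.crt left
# over from an earlier run is never signed or bundled with a fresh key.
openssl genrsa -out "$i.key" 2048 || exit 1
# To passphrase-protect the key instead:
#openssl genrsa -aes256 -out "$i.key" 2048 || exit 1
openssl req -new -key "$i.key" -out "$i.csr" || exit 1

# 2048-bit DH parameters: 512-bit groups are export-grade and rejected by
# current TLS stacks. `dhparam` is used because `gendh` is absent from newer
# OpenSSL releases.
openssl dhparam -out "$i.dh" 2048 || exit 1

# Sign with SHA-256; SHA-1 certificate signatures are no longer accepted by
# current clients and servers.
# If the CA certificate is stored as $pc.crt, pass that to -CA instead.
# ${cs:+"$cs"} expands to nothing when the serial file already exists.
openssl x509 -req -sha256 -days 2190 ${cs:+"$cs"} -CAserial "$pc.srl" \
  -CA "$pc.pem" -CAkey "$pc.key" -in "$i.csr" -out "$i.crt" || exit 1
openssl pkcs12 -export -clcerts -in "$i.crt" -inkey "$i.key" -out "$i.p12" || exit 1

# Combined certificate + unencrypted private key in one file.
cat -- "$i.crt" "$i.key" > "$i.pem" || exit 1

# umask only affects newly created files; tighten any that already existed.
chmod 600 "$i.key" "$i.p12" "$i.pem" || exit 1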

# http://www.aboveground.cx/~rjmooney/projects/misc/clientcertauth.html
