#!/bin/sh -x 

# licence : gpl v2
# copyright : 8d technologies, xavier renaut

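# Generate a self-signed TLS certificate for the server name given as $1.
#
# Usage: SCRIPT [-n] server-name
#   -n   write the certificate and an UNENCRYPTED private key into NAME.pem
#        (no passphrase prompt; the key is readable by anyone who can read
#        the file).
# Without -n the script writes NAME.key (AES-256 encrypted 2048-bit RSA key),
# NAME.csr, NAME.dh, NAME.crt and NAME.pem (certificate followed by the
# encrypted key).
#
# Exit status: 1 when no server name is given, otherwise the status of the
# last openssl/cat command that ran.

# Every file created below either is a private key or sits next to one, so
# create them owner-only instead of inheriting a permissive umask. Relax the
# mode of NAME.crt / NAME.csr afterwards if another account must read them.
umask 077

pass=1

while getopts n o; do
  case "$o" in
    n)
      echo no password
      pass=0
      ;;
  esac
done

shift $((OPTIND - 1))

if [ -z "${1:-}" ]; then
  echo 'server name?' >&2
  exit 1
fi
i=$1

if [ "$pass" = "0" ]; then
  # -nodes stores the key without a passphrase; file permissions are the only
  # protection. (OpenSSL 3.0 spells this option -noenc; -nodes is kept here so
  # the script also runs on older releases.)
  # -sha256 is requested explicitly so the signature digest does not depend on
  # the default_md of the local openssl.cnf.
  openssl req -new -x509 -sha256 -days 3650 -nodes -out "$i.pem" -keyout "$i.pem"
else
  # "$i" is quoted throughout so a name containing spaces or glob characters
  # cannot be split into extra openssl arguments.
  #
  # dhparam replaces the former `gendh 512`: 512-bit Diffie-Hellman groups are
  # export-grade and practical to break, and the gendh subcommand is absent
  # from OpenSSL 1.1.0 and later. Generating 2048-bit parameters can take a
  # while.
  #
  # The certificate is signed with SHA-256; SHA-1 signatures are rejected by
  # current TLS clients.
  openssl genrsa -aes256 -out "$i.key" 2048 &&
    openssl req -new -key "$i.key" -out "$i.csr" &&
    openssl dhparam -out "$i.dh" 2048 &&
    openssl x509 -req -sha256 -days 2190 -in "$i.csr" -signkey "$i.key" -out "$i.crt" &&
    cat "$i.crt" "$i.key" > "$i.pem"
fi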

#req
# 
# -extensions .. specify certificate extension section (override value in config file)
# -reqexts ..    specify request extension section (override value in config file)

#x509
# -extfile        - configuration file with X509V3 extensions to add
# -extensions     - section from config file with X509V3 extensions to add


# CA.pl :  -newca
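# openssl req  -sha1 -new -x509 -keyout cacert.key -out cacert.pem -days 2190 -set_serial 1 
# openssl x509 -in cacert.pem -noout -next_serial -out serial
# display: openssl x509 -text -noout -in cacert.pem
# note: -sha1 is kept above as originally recorded; prefer -sha256 for new
#       certificates, since SHA-1 signatures are no longer accepted by current TLS clients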

# add to x509 / req  : -set_serial 1
