825f11571707d35555a0d2a8f5634ff4e8ccced4
4 certroot
=$
(cd ${0%/*}/..
; pwd)
5 .
"$certroot"/lib
/func.sh
8 ## Parse the command line.
11 *) echo >&2 "Usage: $0 TAG PROFILE FILE"; exit 1 ;;
13 tag
=$1 profile
=$2 file=$3
15 ## Make sure we're not overwriting anything. Put sequence numbers
16 ## into labels to prevent bad things from happening.
17 if [ -f
"$certroot"/certs
/"$tag".cert
]; then
18 echo >&2 "$0: certificate $tag already exists"
22 ## Make a temporary copy of the certificate. This prevents a race, and
23 ## more importantly lets us change directory.
24 cp "$file" "$certroot"/tmp
/"$tag".req
27 ## Make the certificate.
28 openssl ca
-config openssl.conf
-extensions
$profile-extensions \
29 -in tmp
/"$tag".req
-out tmp
/"$tag".cert
31 ## Install a hash link the benefit of OpenSSL's `verify' command and
32 ## similar, and install the completed request and certificate in the
34 mv tmp
/"$tag".req tmp
/"$tag".cert certs
/
35 linkserial certs
/"$tag".cert
36 linkhash certs
/"$tag".cert
39 ## Output the certificate.
40 openssl x509
-in certs
/"$tag".cert