+++ /dev/null
-#! /bin/sh
-
-set -e
-certroot=$(cd ${0%/*}/..; pwd)
-. "$certroot"/lib/func.sh
-runas_ca "$@"
-
-## Parse the command line.
-case "$#" in
- 3) ;;
- *) echo >&2 "Usage: $0 TAG PROFILE FILE"; exit 1 ;;
-esac
-tag=$1 profile=$2 file=$3
-
-## Make sure we're not overwriting anything. Put sequence numbers
-## into labels to prevent bad things from happening.
-if [ -f "$certroot"/certs/"$tag".cert ]; then
- echo >&2 "$0: certificate $tag already exists"
- exit 1
-fi
-
-## Make a temporary copy of the certificate. This prevents a race, and
-## more importantly lets us change directory.
-cp "$file" "$certroot"/tmp/"$tag".req
-cd "$certroot"
-
-## Make the certificate.
-openssl ca -config openssl.conf -extensions $profile-extensions \
- -in tmp/"$tag".req -out tmp/"$tag".cert
-
-## Install a hash link the benefit of OpenSSL's `verify' command and
-## similar, and install the completed request and certificate in the
-## archive.
-mv tmp/"$tag".req tmp/"$tag".cert certs/
-linkserial certs/"$tag".cert
-linkhash certs/"$tag".cert
-rm tmp/*.pem
-
-## Output the certificate.
-openssl x509 -in certs/"$tag".cert
~mdw / ca / blobdiff