3 unset email unit key ext extra
4 config
=/etc
/ca
/openssl.conf
6 while getopts e
:u
:k
:x
: opt
; do
15 shift $
(( $OPTIND - 1 ))
19 *) echo >&2 "usage: $0 [-e EMAIL] [-k KEY] [-u UNIT] [-x EXT] LABEL CN"; exit 1 ;;
23 if [ ! -d private
]; then
31 echo "[genx509-custom]"
32 cat "$ext"; } >"tmp.$label.conf"
33 config
=tmp.
$label.conf
34 extra
="$extra -reqexts genx509-custom"
38 name
="/C=GB/ST=Cambridgeshire/L=Cambridge/O=distorted.org.uk"
39 name
="$name/${unit+OU=$unit/}CN=$cn${email+/emailAddress=$email}"
42 openssl req
-batch -config
"$config" \
43 -new
-subj
"$name" -text
-out
"$label.req.new" \
47 openssl req
-batch -config
"$config" \
48 -new
-subj
"$name" -text
-out
"$label.req.new" \
49 -nodes
-keyout
"private/$label.key.new" $extra
50 chmod 600 "private/$label.key.new"
51 mv "private/$label.key.new" "private/$label.key"
54 rm -f
"tmp.$label.conf"
55 mv "$label.req.new" "$label.req"
56 sha256sum
"$label.req"