#!/bin/sh

# 
# copied in parts from the suse postfix config file
#

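# Stop at the first failing command and on any use of an unset variable,
# so a failed step cannot leave a half-built CA tree that looks usable.
set -eu

# HOME anchors every path below, including the target of the recursive
# delete. Refuse to run when it is unset or empty: otherwise the delete
# would be aimed at "/ssl".
: "${HOME:?HOME must be set to a non-empty directory}"

openssl=/usr/sbin/openssl
sslpath=$HOME/ssl
sslconfig=$sslpath/ssl.cnf

# Start from a clean tree. This destroys any CA key, issued certificates
# and index left by an earlier run.
rm -rf -- "${sslpath:?}"

# Set the umask before anything is created, so the directories and the
# private keys written later are readable by the owner only.
umask 077
mkdir -p -- "$sslpath/certs"
mkdir -p -- "$sslpath/newcerts"
mkdir -p -- "$sslpath/private"

# Empty certificate database for "openssl ca".
touch -- "$sslpath/index.txt"

# Next serial number "openssl ca" will assign. The CA certificate is
# created further down with "-set_serial 0". Starting this file at 00
# would give the first issued certificate the same issuer and serial as
# the CA certificate, and some validators reject such a pair. Start at 01.
echo 01 > "$sslpath/serial"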

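# Write the OpenSSL configuration used by every command below.
#
# The here-document delimiter is unquoted on purpose: $sslpath is expanded
# by the shell, so the generated file contains absolute paths.
#
# Sections:
#   [ ca ] / [ exampleca ]  - settings for "openssl ca" (signing requests)
#   [ exampleca_policy ]    - which DN fields a request must carry
#   [ req ]                 - settings for "openssl req"; prompt = no, so
#                             the DN comes from root_ca_distinguished_name
#
# default_md is sha256 in both places. MD5 is collision-broken for
# certificate signatures, and many current TLS stacks refuse MD5-signed
# certificates.
#
# The file is created with ">" rather than appended to, so a stale copy
# can never be extended with a second set of sections.
cat > "$sslconfig" <<END
[ ca ]
default_ca	= exampleca

[ exampleca ]
dir 		= $sslpath
certificate	= $sslpath/cacert.pem
database	= $sslpath/index.txt
new_certs_dir	= $sslpath/certs
private_key	= $sslpath/private/cakey.pem
serial		= $sslpath/serial

default_crl_days 	= 7
default_days 		= 365
default_md		= sha256


policy 		= exampleca_policy
attributes	= exampleca_attributes
x509_extensions = certificate_extensions

[ exampleca_policy ]
commonName		= supplied
stateOrProvinceName	= supplied
countryName		= supplied
emailAddress		= supplied
organizationName	= supplied
organizationalUnitName  = optional

[ exampleca_attributes ]
challengePassword       = maybe the dingo ate the baby

[ certificate_extensions ]
basicConstraints 	= CA:false

[ req ]
default_bits 		= 2048
default_keyfile		= $sslpath/private/cakey.pem
default_md		= sha256

prompt			= no
distinguished_name	= root_ca_distinguished_name
x509_extensions		= root_ca_extensions

[ root_ca_distinguished_name ]
countryName            = DE
stateOrProvinceName    = Bavaria
localityName           = Schweinfurt
organizationName       = DN
organizationalUnitName = Private Internet Services
commonName             = uranus.centroid.eu
emailAddress           = pjp@uranus.centroid.eu


[ root_ca_extensions ]
basicConstraints	= CA:true

END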


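# Build the self-signed CA, then a server key and request, then sign the
# request with the CA. Each step depends on the files of the previous one,
# so the script stops at the first failure instead of signing with a
# missing or stale key.
#
# -nodes writes both private keys unencrypted. Their only protection is
# the file mode, which relies on the "umask 077" set earlier in this script.
#
# NOTE(review): both "req" calls read the same [ req ] section with
# prompt = no, so the server certificate gets the same subject DN as the
# CA. A separate distinguished_name section for the server would keep
# subject and issuer distinct - confirm what the mail setup expects.

echo "creating CA request/certificate..."

"$openssl" req -days 2000 -config "$sslconfig" -new -x509 -nodes \
  -keyout "$sslpath/private/cakey.pem" \
  -out "$sslpath/cacert.pem" \
  -set_serial 0 || {
  echo "CA certificate creation failed" >&2
  exit 1
}

echo "creating certificate request..."

# -set_serial is kept from the original command line. It is documented
# for self-signed output and presumably has no effect on a plain request.
"$openssl" req -config "$sslconfig" -new -nodes \
  -keyout "$sslpath/certs/postfixkey.pem" \
  -out "$sslpath/certs/postfixreq.pem" \
  -set_serial 0 || {
  echo "certificate request creation failed" >&2
  exit 1
}

echo "signing server certificate..."

"$openssl" ca -config "$sslconfig" -notext -batch \
  -out "$sslpath/certs/postfixcert.pem" \
  -infiles "$sslpath/certs/postfixreq.pem" || {
  echo "signing the server certificate failed" >&2
  exit 1
}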

#end of script

