4 certroot=$(cd ${0%/*}/..; pwd)
5 . "$certroot"/lib/func.sh
8 ## Parse the command line.
11 *) echo >&2 "Usage: $0 TAG PROFILE FILE"; exit 1 ;;
13 tag=$1 profile=$2 file=$3
15 ## Make sure we're not overwriting anything. Put sequence numbers
16 ## into labels to prevent bad things from happening.
17 if [ -f "$certroot"/certs/"$tag".cert ]; then
18 echo >&2 "$0: certificate $tag already exists"
22 ## Make a temporary copy of the certificate. This prevents a race, and
23 ## more importantly lets us change directory.
24 cp "$file" "$certroot"/tmp/"$tag".req
27 ## Make the certificate.
28 openssl ca -config openssl.conf -extensions $profile-extensions \
29 -in tmp/"$tag".req -out tmp/"$tag".cert
31 ## Install a hash link the benefit of OpenSSL's `verify' command and
32 ## similar, and install the completed request and certificate in the
34 mv tmp/"$tag".req tmp/"$tag".cert certs/
35 linkserial certs/"$tag".cert
36 linkhash certs/"$tag".cert
39 ## Output the certificate.
40 openssl x509 -in certs/"$tag".cert