#! /bin/sh

dir="$1"
mkdir "$1" || {
  echo "error creating '$1'" 1>&2
  exit 1
}
cd "$1"

set -e -x

touch myopenssl.cnf

# I'm not sure why the OpenSSL book includes these command line options.
#extensions='-extfile myopenssl.cnf -extensions v3_ca'

### Create the root CA:
openssl req -newkey rsa:1024 -sha1 -keyout rootkey.pem -out rootreq.pem
openssl x509 -req -in rootreq.pem -sha1 -signkey rootkey.pem $extensions -out rootcert.pem
cat rootcert.pem rootkey.pem > root.pem
# Query the newly created key to test its validity.
openssl x509 -subject -issuer -noout -in root.pem

### Create the server CA and sign it with the root CA:
openssl req -newkey rsa:1024 -sha1 -keyout serverCAkey.pem -out serverCAreq.pem
openssl x509 -req -in serverCAreq.pem -sha1 $extensions -CA root.pem -CAkey root.pem -CAcreateserial -out serverCAcert.pem
cat serverCAcert.pem serverCAkey.pem rootcert.pem > serverCA.pem
openssl x509 -subject -issuer -noout -in serverCA.pem

### Create the server's certificate and sign it with the Server CA.
openssl req -newkey rsa:1024 -sha1 -keyout serverkey.pem -out serverreq.pem
openssl x509 -req -in serverreq.pem -sha1 $extensions -CA serverCA.pem -CAkey serverCA.pem -CAcreateserial -out servercert.pem
cat servercert.pem serverkey.pem serverCAcert.pem rootcert.pem > server.pem
openssl x509 -subject -issuer -noout -in server.pem

### Create the clients's certificate and sign it with the Root CA.
openssl req -newkey rsa:1024 -sha1 -keyout clientkey.pem -out clientreq.pem
openssl x509 -req -in clientreq.pem -sha1 $extensions -CA root.pem -CAkey root.pem -CAcreateserial -out clientcert.pem
cat clientcert.pem clientkey.pem rootcert.pem rootcert.pem > client.pem
openssl x509 -subject -issuer -noout -in client.pem


