#!/bin/sh

#
# Sign a certificate signing request (a .csr file)
# with a local root certificate and key.
#

if test $# -ne 1; then
  echo "usage: sign-req <name>";
  exit 1
fi                                                                             

if cd $KEY_DIR; then
  if ! [ -e index.txt ]; then
    touch index.txt
  fi 
  if ! [ -e serial ]; then
    echo 01 > serial
  fi 
fi

if test $KEY_DIR; then
  cd $KEY_DIR && \
  openssl ca -days 36500 -out $1.crt -in $1.csr -config $KEY_CONFIG \
          -keyfile ca.key -cert ca.crt -outdir . -md sha256
#  openssl ca -days 3650 -out $1.crt -in $1.csr -keyfile ca.key -cert ca.crt -outdir .
  openssl pkcs12 -export -out $1.pfx -inkey $1.key -in $1.crt -certfile ca.crt
else
  echo you must define KEY_DIR
fi