#!/bin/sh # Take the correct binary to create the certificates CERTTOOL=$(command -v gnutls-certtool 2>/dev/null || command -v certtool 2>/dev/null) if [ -z "$CERTTOOL" ] then echo "ERROR: No certtool found" >&2 exit 1 fi . ./vars if ! [ -f ca.key.pem ] then # Create a CA key. $CERTTOOL \ --generate-privkey \ --sec-param $SEC_PARAM \ --outfile ca.key.pem fi chmod 600 ca.key.pem if ! [ -f ca.template ] then # Sign a CA cert. cat <ca.template organization = $ORGANIZATION cn = $CN CA country = $COUNTRY expiration_days = $EXPIRATION_DAYS ca EOF #state = $STATE #locality = $LOCALITY fi if ! [ -f ca.cert.pem ] || [ ca.template -nt ca.cert.pem ] then $CERTTOOL \ --generate-self-signed \ --load-privkey ca.key.pem \ --template ca.template \ --outfile ca.cert.pem fi chmod 600 ca.cert.pem