#!/bin/sh
OPENSSL_PATH="/usr/bin" #default install path
#OPENSSL_PATH="/usr/local/ssl/bin" #workaround for dual openssl install
if test "$#" -ne 1; then
    echo "Error: Wrong parameters --> You must provide the certificate name."
    echo "Please use: ./createCerts.sh 18"

    exit 1
fi

DAYS=$((10*365))
DN="/C=US/ST=Illinois/L=Chicago/O=Safemobile/OU=PKI"
ID=$1
CERTS_PATH=certs

#generate key pair
$OPENSSL_PATH/openssl genrsa -out "$CERTS_PATH/$ID-key.pem" 4096

#generate signing request
$OPENSSL_PATH/openssl req -new -key "$CERTS_PATH/$ID-key.pem" -subj "$DN/CN=$ID" -out "$CERTS_PATH/$ID-csr.pem"

#sign new cert
$OPENSSL_PATH/openssl x509 -req -days $DAYS -in "$CERTS_PATH/$ID-csr.pem" -CA "$CERTS_PATH/ca1-cert.pem"  \
    -CAkey "$CERTS_PATH/ca1-key.pem" -set_serial 500 -out "$CERTS_PATH/$ID-cert.pem"