#!/bin/sh

#
# Make a certificate/private key pair using a locally generated
# root certificate and convert it to a PKCS #12 file including the
# the CA certificate as well.

if test $# -ne 1; then
        echo "usage: build-key-pkcs12 <name>";
        exit 1
fi                                                                             

if test $KEY_DIR; then
	cd $KEY_DIR && \
	openssl req -days 3650 -nodes -new -keyout $1.key -out $1.csr -config $KEY_CONFIG && \
	openssl ca -days 3650 -out $1.crt -in $1.csr -config $KEY_CONFIG && \
        openssl pkcs12 -export -inkey $1.key -in $1.crt -certfile ca.crt -out $1.p12 && \
	chmod 0600 $1.key $1.p12
else
	echo you must define KEY_DIR
fi