#!/bin/sh
CN="$1"
ALTNAME="$2"

openssl req \
	-new \
	-utf8 \
	-sha256 \
	-key /ca/keys/ca.key \
	-subj "/O=RedXen/CN=$CN" \
	-nodes \
	-keyout keys/"$CN".key \
	-out /tmp/"$CN".csr

if [ -z "$ALTNAME" ]; then
	openssl x509 \
		-req \
		-in /tmp/"$CN".csr \
		-days 365 \
		-extfile <(cat /tmp/x509v3_config) \
		-CA /ca/certs/ca.crt \
		-CAkey /ca/keys/ca.key \
		-out certs/"$CN".crt
else
	openssl x509 \
		-req \
		-in /tmp/"$CN".csr \
		-days 365 \
		-extfile <(cat /tmp/x509v3_config <(echo "subjectAltName=$ALTNAME")) \
		-CA /ca/certs/ca.crt \
		-CAkey /ca/keys/ca.key \
		-out certs/"$CN".crt
		#-CAcreateserial \
		#-CAserial /tmp/discard.srl \
fi

openssl x509 \
	-in certs/"$CN".crt \
	-noout -text