#!/bin/bash
 
#Required
domain=$1
commonname=$domain
 
#Change to your company details
country=ZH
state=Shanghai
locality=Shanghai
organization=a.com
organizationalunit=IT
email=a@b.com
 
#Optional
password=a
 
if [ -z "$domain" ]
then
    echo "Argument not present."
    echo "Useage $0 [common name]"
 	
    exit 99
fi
 
echo "Generating key request for $domain"
 
#Generate a key
# openssl genrsa -out host.key 2048
# openssl genrsa -des3 -out $domain.key 2048 -noout
openssl genrsa -passout pass:$password -out ./tmpCert/$domain.key 2048


#Remove passphrase from the key. Comment the line out to keep the passphrase
echo "Removing passphrase from key"
openssl rsa -in ./tmpCert/$domain.key -passin pass:$password -out ./tmpCert/$domain.key
 
#Create the request
echo "Creating CSR"
openssl req -new -key ./tmpCert/$domain.key -out ./tmpCert/$domain.csr -passin pass:$password \
    -subj "/C=$country/ST=$state/L=$locality/O=$organization/OU=$organizationalunit/CN=$commonname/emailAddress=$email"
 
#Generating a Self-Signed Certificate
openssl x509 -req -days 365 -in ./tmpCert/$domain.csr -CA rootCA.crt -CAkey rootCA.key -CAcreateserial -out ./tmpCert/$domain.crt
#-signkey ./tmpCert/$domain.key
#openssl x509 -req -in host.csr -CA rootCA.crt -CAkey rootCA.key -CAcreateserial -out host.crt -days 365
echo "Finished"