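#!/bin/bash
#
# Create (or reuse) a 4096-bit RSA key for $domain, write a CSR whose
# subjectAltName lists $domain plus every name in $aliases, and hand off to
# the sibling `signcert` script (sourced, so it sees every variable below).
#
# Expected from the caller / environment (nothing here defines them):
#   domain          primary host name; also names the key/csr/crt files
#   aliases         space-separated extra host names (may be empty); it is
#                   rewritten here to "$domain $aliases" with trailing
#                   blanks stripped, which is what signcert may rely on
#   certkeydir      directory for $domain.key
#   certcsrdir      directory for $domain.csr
#   certcertdir     directory for $domain.crt (stale copy removed here)
#   certscriptdir   directory holding openssl.conf
#   daemongroup     principal granted read access to the key via an ACL
#   logfile         file that collects openssl's stdout/stderr
#   country state city org orgunit   subject DN fields
#
# Files written next to this script: multi.cnf (left in place -- the sourced
# signcert presumably reads it, TODO confirm) and sslconf.cnf (temporary).
#
# NOTE(review): this script may be sourced rather than executed (it uses
# variables it never sets); the `exit 1` paths below will then terminate the
# sourcing shell, which is the intended "abort the whole run" behaviour.

export RANDFILE=/root/.rnd

# Refuse to run with the path-building variables unset: with them empty the
# script would silently create "/.key" and remove "/.csr" and "/.crt".
: "${domain:?domain must be set}"
: "${certkeydir:?certkeydir must be set}"
: "${certcsrdir:?certcsrdir must be set}"
: "${certcertdir:?certcertdir must be set}"
: "${certscriptdir:?certscriptdir must be set}"
: "${daemongroup:?daemongroup must be set}"
: "${logfile:?logfile must be set}"

req_dir=$(dirname "${BASH_SOURCE[0]}")
req_key=$certkeydir/$domain.key
req_csr=$certcsrdir/$domain.csr

if [[ ! -e "$req_key" ]]; then
  # umask 077 in a subshell so the key file is never world-readable, not even
  # for the instant between genrsa's create and the chmod below.  The log is
  # appended to, so the `openssl req` output further down no longer clobbers
  # the genrsa diagnostics.
  if ! ( umask 077; openssl genrsa -out "$req_key" 4096 ) >>"$logfile" 2>&1; then
    # Never leave a partial key behind: the -e test above would trust it next run.
    rm -f -- "$req_key"
    printf '%s: openssl genrsa failed for %s (see %s)\n' "${BASH_SOURCE[0]}" "$domain" "$logfile" >&2
    exit 1
  fi
fi

chmod 600 -- "$req_key"
# A TLS daemon only needs to *read* its key; rwx would let a compromised
# daemon replace it.  NOTE(review): the variable is called daemongroup but
# the ACL entry is a user ("u:") entry -- confirm which principal is meant
# before touching the prefix.
if ! setfacl -m "u:$daemongroup:r" "$req_key"; then
  printf '%s: warning: setfacl failed on %s; the daemon may not be able to read its key\n' "${BASH_SOURCE[0]}" "$req_key" >&2
fi

# Keep the global rewrite of $aliases: "$domain $aliases" minus trailing blanks.
aliases=$(printf '%s\n' "$domain $aliases" | sed -e 's/ *$//')

# Split with `read -a` instead of an unquoted expansion so a wildcard such as
# *.example.com is never glob-expanded against the cwd, and doubled spaces no
# longer yield an empty "DNS.n =" entry.  Each name is then checked against a
# conservative hostname alphabet: these values are pasted verbatim into an
# OpenSSL config file, where a newline or "[" would start a new section.
read -r -a req_names <<<"$aliases"
req_name_re='^[A-Za-z0-9_*][A-Za-z0-9_*.-]*$'
for req_name in "${req_names[@]}"; do
  if [[ ! $req_name =~ $req_name_re ]]; then
    printf '%s: refusing unsafe SAN entry %q\n' "${BASH_SOURCE[0]}" "$req_name" >&2
    exit 1
  fi
done

{
  printf 'subjectAltName = @alt_names\n[alt_names]\n'
  req_n=0
  for req_name in "${req_names[@]}"; do
    req_n=$((req_n + 1))
    printf 'DNS.%d = %s\n' "$req_n" "$req_name"
  done
} > "$req_dir/multi.cnf" || exit 1

# Stale outputs from a previous run (rm -f is silent; no redirection needed).
rm -f -- "$req_csr" "$certcertdir/$domain.crt"

req_conf=$req_dir/sslconf.cnf
cat "$certscriptdir/openssl.conf" "$req_dir/multi.cnf" > "$req_conf" || exit 1

# OpenSSL's -subj uses "/" as the RDN separator and "\" as its escape, so a
# value such as "Foo/Bar Inc" must be escaped or it becomes a bogus extra RDN.
subj_escape() {
  local s=${1//\\/\\\\}
  printf '%s' "${s//\//\\/}"
}

openssl req -new -sha256 -key "$req_key" -out "$req_csr" -config "$req_conf" \
  -subj "/C=$(subj_escape "$country")/ST=$(subj_escape "$state")/L=$(subj_escape "$city")/O=$(subj_escape "$org")/OU=$(subj_escape "$orgunit")" \
  >>"$logfile" 2>&1
req_status=$?
unset -f subj_escape
rm -f -- "$req_conf"
if [[ $req_status -ne 0 ]]; then
  printf '%s: openssl req failed for %s (see %s)\n' "${BASH_SOURCE[0]}" "$domain" "$logfile" >&2
  exit 1
fi

. "$req_dir/signcert"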
