#!/bin/sh
#
. config
PATH=$PATH:$SSLPATH

if [ ! -f ca.key ]; then
    echo "Before you can make a self-signed CA Certificate you must"
    echo "have a CA private key file.  Please run make_ca_private_key"
    echo "to generate this file."
    exit 1
fi

echo "For best results, make sure the CommonName of your CA Certificate"
echo "and your server's CSR are identical, and that other portions of"
echo "identifying data for your CA Certificate differ from that for your"
echo "server CSR."
echo

openssl req -new -x509 -days 365 -key ca.key -out ca.crt

if [ $? = 0 ]; then
    echo
    echo "Your self-signed CA Certificate is in the file ca.crt"
    if [ -f server.csr ]; then
        echo
        echo "You can now sign your server's CSR with the command ./sign.sh server.csr"
    else
	echo
	echo "You must now create a Certificate Signing Request for your server"
	echo "using ./make_csr.  When your CSR is successfully created, you may"
	echo "sign it with the command ./sign.sh server.csr."
    fi
else
    echo
    echo "Yor self-signed CA Certificate was not created. Please"
    echo "make you entered the pass phrase for your CA certificate"
    echo "correctly and that the file ca.key is present and is a"
    echo "valid key file.  You may check it with see_ca_private_key."
fi
