#!/bin/sh
#
. config
PATH=$PATH:$SSLPATH

echo "Be sure to use the fully-qualified domain name of your"
echo "server (e.g. www.fmp.com) when prompted for the"
echo "'CommonName' of your server"
echo

openssl req -new -key server.key -out server.csr

if [ $? = 0 ]; then
    echo
    echo "Certificate Signing Request is in server.csr"
    echo
    echo "Submit the file server.csr to the Certifying Authority"
    echo "of your choice and place the result in this directory"
    echo "as server.crt"
    echo
    echo "Optionally, you may sign your own certificate (NOT recommended"
    echo "for production work) using ./sign.sh server.csr.  If you don't"
    echo "have a self-signed CA key pair, you may create these using"
    echo "./make_ca_private_key."
else
    echo
    echo "Your Certificate Signing Request was not generated.  Make sure"
    echo "your server key file, server.key, is presenet in this directory"
    echo "and is valid.  You may create it using ./make_private_key or"
    echo "check it using see_private_key."
fi
