#!/bin/bash
#
# Copyright (c) Citrix Systems 2007, 2008. All rights reserved.
#
# Generate a ssl certificate file to use with stunnel
#

DIR=/tmp/ssl-generation-$$
FILE=$1
CN=$2

if [ -z "${CN}" ]; then
	echo "usage: $0 <certname> <cn>"
	exit 2
fi

if [ -e ${FILE} ]; then
	echo "file already exists: cannot overwrite";
	exit 3
fi

mkdir -p ${DIR}
chmod 700 ${DIR}

pushd ${DIR}

#config
cat <<@eof >config
[req] # openssl req params
prompt = no
distinguished_name = dn-param
[dn-param] # DN fields
CN = ${CN}
@eof

openssl genrsa 1024 > privkey.rsa
openssl req -batch -new -x509 -key privkey.rsa -days 3650 -config config -out cert.csr
openssl dhparam 512 > dh.pem

popd

(cat ${DIR}/privkey.rsa; echo ""; cat ${DIR}/cert.csr; \
 echo ""; cat ${DIR}/dh.pem) > ${FILE}
chmod 400 ${FILE}

rm -rf ${DIR}

exit 0
