#!/bin/sh

echo "Generating request"

SUBJECT=$1

RSA_STRENGTH=1024
if [ "$2" != "" ]; then
        RSA_STRENGTH=$2
fi

SHA_DIGEST=""

DAYS=365
if [ "$3" != "" ]; then
        DAYS=$3
fi

CONF_DIR=/etc/certman
VPN_DIR=$CONF_DIR/vpn
if [ ! -d $VPN_DIR ]; then
	mkdir $VPN_DIR
fi

echo "Subject is $SUBJECT, days $DAYS, strenght $RSA_STRENGTH"
CSR_OUT_NAME=$VPN_DIR/client.csr
KEY_OUT_NAME=$VPN_DIR/client.key
CLIENT_SSL_CONFIG=$CONF_DIR/ssl_client.conf

# "/C=US/ST=Denial/L=Springfield/O=Dis/CN=www.example.com"
openssl req \
    -new \
    -newkey rsa:$RSA_STRENGTH \
    -days $DAYS \
    -nodes \
    -sha256 \
    -subj "$SUBJECT" \
    -config $CLIENT_SSL_CONFIG \
    -reqexts 'v3_ext' \
    -keyout $KEY_OUT_NAME \
    -out $CSR_OUT_NAME

#-extensions 'v3_ext' \
# -sha256

echo "$SUBJECT" > /etc/certman/cn
