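#!/bin/sh
# Generate a self-signed server certificate plus private key for stunnel,
# written together into ./<host>.pem, from a throwaway OpenSSL config.
#
# Usage: $0 host.domain.com [dns-alias ...]
#   $1    FQDN used as the certificate's commonName
#   $2..  optional DNS aliases, added as subjectAltName entries
#
# Output:  ./<host>.pem (key + certificate); the name list on stdout when
#          aliases were given.
# Returns: 1 on usage or temp-file error, otherwise openssl's exit status.

if [ -z "$1" ] ; then
	echo "usage: $0 host.domain.com [...]" >&2
	exit 1
fi
host="$1"
shift

# Unpredictable temp name: a fixed /tmp/$$.cnf can be pre-created or
# symlinked by another local user, making the config attacker-controlled.
tmp=$(mktemp /tmp/stunnel-cnf.XXXXXX) || {
	echo "$0: cannot create temporary config" >&2
	exit 1
}
# Remove the config on every exit path, not only after a successful run.
trap 'rm -f -- "$tmp"' EXIT INT TERM HUP

# subjectAltName list: the host itself plus any aliases.  TLS clients
# match the server name against the SAN, so the primary host goes first.
alt="DNS:$host"
for name in "$@" ; do
	alt="$alt,DNS:$name"
done

cat << _EOC_ > "$tmp"
# create RSA certs - Server

RANDFILE = stunnel.rnd

[ req ]
# 1024-bit RSA is below current minimums; 2048 is the accepted floor.
default_bits = 2048
# Note: -nodes on the openssl command line overrides this and leaves the
# key unencrypted; the key file is protected by umask instead (below).
encrypt_key = yes
distinguished_name = req_dn
x509_extensions = cert_type

[ req_dn ]
countryName = Country Name (2 letter code)
countryName_default             = HR
countryName_min                 = 2
countryName_max                 = 2

stateOrProvinceName             = State or Province Name (full name)
stateOrProvinceName_default     = Croatia

localityName                    = Locality Name (eg, city)
localityName_default            = Zagreb

0.organizationName              = Organization Name (eg, company)
0.organizationName_default      = N/A

organizationalUnitName          = Organizational Unit Name (eg, section)
organizationalUnitName_default  = N/A

emailAddress                    = Email Address
emailAddress_default            = nobody

0.commonName                    = Common Name (FQDN of your server)
0.commonName_default            = $host

# To create a certificate for more than one name uncomment:
# 1.commonName                  = DNS alias of your server
# 2.commonName                  = DNS alias of your server
# ...
# See http://home.netscape.com/eng/security/ssl_2.0_certificate.html
# too see how Netscape understands commonName.

[ cert_type ]
nsCertType = server
# Must live in the section named by x509_extensions (cert_type): an
# extension placed in an unreferenced section is silently ignored.
subjectAltName = $alt
_EOC_

if [ $# -gt 0 ] ; then
	echo "commonName $host $alt"
fi

# The unencrypted private key is written to $host.pem: owner-only perms.
umask 077
openssl req -new -x509 -days 365 -nodes -config "$tmp" -out "$host.pem" -keyout "$host.pem"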

