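#!/bin/sh
# OpenSSL certificates
#
# Creates the demoCA directory tree that `openssl ca` works in and, when
# cacert.pem / cakey.pem are present in the current directory, copies them
# into place.
#
# CA root certificate:
#   openssl req -newkey rsa:2048 -keyout demoCA/private/cakey.pem -out careq.pem
#   openssl x509 -req -in careq.pem -extensions v3_ca -signkey demoCA/private/cakey.pem -out cacert.pem
#
# NOTE: these notes originally used 1024-bit RSA keys (rsa:1024 / genrsa 1024).
# 1024-bit RSA is below current minimum key sizes; the commands here use 2048.
#
# NOTE(review): `openssl x509 -req` reads extensions from the file given with
# -extfile; with -extensions alone the v3_ca section may not be applied.
# Confirm the result is a CA certificate (look for "CA:TRUE") with
#   openssl x509 -in cacert.pem -noout -text
#
# The following is optional:
#   openssl x509 -in cert.pem -addtrust clientAuth -setalias "Kaktusas.Org CA" -out trust.pem
#
# Generate a new certificate request:
#
#   openssl genrsa -out key.pem 2048
#   openssl req -new -key key.pem -out req.pem
# or
#   openssl req -newkey rsa:2048 -keyout key.pem -out req.pem
#
# Sign the certificate request:
#   openssl ca -in req.pem -out newcert.pem
#
# Remove the passphrase from the private key:
#   openssl rsa -in key.pem -out keyout.pem
# keyout.pem then holds the key unencrypted; keep it readable by its owner
# only (chmod 600) and off shared or backed-up locations.
#
# For Firefox do this:
#   openssl pkcs12 -export -in name-cert.pem -inkey private/name-key.pem -certfile cacert.pem -name "[friendly name]" -out name-cert.p12
# The .p12 bundle contains the private key; protect it with an export
# password and delete it once it has been imported.
#
##############################################
# In openssl.cnf (FreeBSD: /etc/ssl/openssl.cnf) it would be nice to change
#   policy = policy_match -> policy_anything
# because then some certificate fields can be left out by entering
# a dot (.)
# With policy_anything the CA no longer requires request fields to match its
# own, so review the subject of every request before signing it.

set -eu

ca_dir=demoCA

# -p: a second run over an existing tree must not fail.
mkdir -p "$ca_dir/certs" "$ca_dir/crl" "$ca_dir/newcerts" "$ca_dir/private"

# The CA private key lives here; no access for group or others.
chmod 700 "$ca_dir/private"

touch "$ca_dir/index.txt" "$ca_dir/crl.pem"

# Only seed the serial counter on first setup. Resetting it to 01 on a re-run
# would make the CA issue certificates with serial numbers it has used before.
if [ ! -s "$ca_dir/serial" ]; then
  echo "01" >"$ca_dir/serial"
fi

if [ -f cacert.pem ]; then
  cp cacert.pem "$ca_dir"
fi

if [ -f cakey.pem ]; then
  # umask in a subshell so a newly created copy is never group/world readable;
  # chmod afterwards covers a pre-existing destination with looser modes.
  (
    umask 077
    cp cakey.pem "$ca_dir/private/"
  )
  chmod 600 "$ca_dir/private/cakey.pem"
fi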