6 if [ -z "$f" ]; then echo -n ,; fi
13 echo "usage: certreq [-h] [-a ALTNAMES] [-C] SUBJECT KEYFILE"
14 echo ' SUBJECT is of the form `/PART1=VALUE1/PART2=VALUE2/...'\'
15 echo ' ALTNAMES is of the form `DNS:name1,DNS:name,...'\'
18 declare -A reqexts config
19 while getopts hCa: OPT; do
28 config_SAN=("${config_SAN[@]}" "subjectAltName=$OPTARG")
31 reqexts[NON_SELF_CA]=1
33 config_NON_SELF_CA=("${config_NONE_SELF_CA[@]}"
34 "basicConstraints = critical,CA:true"
35 "keyUsage = cRLSign, keyCertSign")
45 args=(openssl req -new)
46 if [ -n "${!reqexts[*]}" ]; then
47 for reqext in "${!reqexts[@]}"; do
48 args=("${args[@]}" -reqexts "$reqext")
51 if [ -n "${!config[*]}" ]; then
52 confpath="$(mktemp /tmp/certreq-XXXXXX)"
53 cat /etc/ssl/openssl.cnf >>"$confpath"
54 for section in "${!config[@]}"; do
55 echo "[${section}]" >>"$confpath"
56 var="config_${section}[@]"
57 for confopt in "${!var}"; do
58 echo "$confopt" >>"$confpath"
62 trap 'rm -f "$confpath"' EXIT
63 args=("${args[@]}" -config "$confpath")
65 args=("${args[@]}" -subj "$1" -key "$2")