#!/bin/bash
+commajoin() {
+ f=y
+ for arg in "$@"; do
+ if [ -z "$f" ]; then echo -n ,; fi
+ echo -n "$arg"
+ f=
+ done
+}
+
usage() {
- echo "usage: certreq [-h] [-a ALTNAMES] SUBJECT KEYFILE"
+ echo "usage: certreq [-h] [-a ALTNAMES] [-C] SUBJECT KEYFILE"
echo ' SUBJECT is of the form `/PART1=VALUE1/PART2=VALUE2/...'\'
echo ' ALTNAMES is of the form `DNS:name1,DNS:name,...'\'
}
declare -A reqexts config
-while getopts ha: OPT; do
+while getopts hCa: OPT; do
case "$OPT" in
h)
usage
config[SAN]=1
config_SAN=("${config_SAN[@]}" "subjectAltName=$OPTARG")
;;
+ C)
+ reqexts[NON_SELF_CA]=1
+ config[NON_SELF_CA]=1
+ config_NON_SELF_CA=("${config_NONE_SELF_CA[@]}"
+ "basicConstraints = critical,CA:true"
+ "keyUsage = cRLSign, keyCertSign")
+ ;;
esac
done
shift $((OPTIND - 1))
args=(openssl req -new)
if [ -n "${!reqexts[*]}" ]; then
- args=("${args[@]}" -reqexts "${!reqexts[@]}")
+ for reqext in "${!reqexts[@]}"; do
+ args=("${args[@]}" -reqexts "$reqext")
+ done
fi
if [ -n "${!config[*]}" ]; then
confpath="$(mktemp /tmp/certreq-XXXXXX)"