Added certreq to make creating more complex CSRs easier.
authorFredrik Tolf <fredrik@dolda2000.com>
Thu, 18 Jan 2018 20:22:13 +0000 (21:22 +0100)
committerFredrik Tolf <fredrik@dolda2000.com>
Thu, 18 Jan 2018 20:22:13 +0000 (21:22 +0100)
certreq [new file with mode: 0755]

diff --git a/certreq b/certreq
new file mode 100755 (executable)
index 0000000..fb7e26c
--- /dev/null
+++ b/certreq
@@ -0,0 +1,49 @@
+#!/bin/bash
+
+usage() {
+    echo "usage: certreq [-h] [-a ALTNAMES] SUBJECT KEYFILE"
+    echo '        SUBJECT is of the form `/PART1=VALUE1/PART2=VALUE2/...'\'
+    echo '        ALTNAMES is of the form `DNS:name1,DNS:name,...'\'
+}
+
+declare -A reqexts config
+while getopts ha: OPT; do
+    case "$OPT" in
+       h)
+           usage
+           exit 0
+           ;;
+       a)
+           reqexts[SAN]=1
+           config[SAN]=1
+           config_SAN=("${config_SAN[@]}" "subjectAltName=$OPTARG")
+           ;;
+    esac
+done
+shift $((OPTIND - 1))
+if [ $# -lt 2 ]; then
+    usage >&2
+    exit 1
+fi
+
+args=(openssl req -new)
+if [ -n "${!reqexts[*]}" ]; then
+    args=("${args[@]}" -reqexts "${!reqexts[@]}")
+fi
+if [ -n "${!config[*]}" ]; then
+    confpath="$(mktemp /tmp/certreq-XXXXXX)"
+    cat /etc/ssl/openssl.cnf >>"$confpath"
+    for section in "${!config[@]}"; do
+       echo "[${section}]" >>"$confpath"
+       var="config_${section}[@]"
+       for confopt in "${!var}"; do
+           echo "$confopt" >>"$confpath"
+       done
+       echo >>"$confpath"
+    done
+    trap 'rm -f "$confpath"' EXIT
+    args=("${args[@]}" -config "$confpath")
+fi
+args=("${args[@]}" -subj "$1" -key "$2")
+
+"${args[@]}"
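Review bot: The `a)` arm stores `$OPTARG` as `subjectAltName=$OPTARG` and later echoes it into the generated OpenSSL config without any check, so a value containing a newline adds extra directives or whole sections to the file that `openssl req -config` then reads. If certreq is ever called with names supplied by another system or user, reject such values before storing them, e.g. `case "$OPTARG" in *$'\n'*) echo "certreq: ALTNAMES must not contain newlines" >&2; exit 1;; esac`. The `case` also has no `\?)` arm, so an unknown option is reported by getopts but the script carries on and still runs openssl; `\?) usage >&2; exit 1;;` would stop it. Finally, the result of `mktemp` is never checked and the `trap 'rm -f "$confpath"' EXIT` is installed only after the file has been written, so a failure or interrupt in between leaves the temp file behind or runs openssl with an empty `-config` path; `confpath="$(mktemp /tmp/certreq-XXXXXX)" || exit 1` followed directly by the trap closes that window.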