From f2571f84d89168fe01ab88020359886f7e0fc8a6 Mon Sep 17 00:00:00 2001
From: Fredrik Tolf
Date: Thu, 18 Jan 2018 21:22:13 +0100
Subject: [PATCH] Added certreq to make creating more complex CSRs easier.
---
certreq | 49 +++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 49 insertions(+)
create mode 100755 certreq
diff --git a/certreq b/certreq
new file mode 100755
index 0000000..fb7e26c
--- /dev/null
+++ b/certreq
@@ -0,0 +1,49 @@
+#!/bin/bash
+
+usage() {
+ echo "usage: certreq [-h] [-a ALTNAMES] SUBJECT KEYFILE"
+ echo ' SUBJECT is of the form `/PART1=VALUE1/PART2=VALUE2/...'\'
+ echo ' ALTNAMES is of the form `DNS:name1,DNS:name,...'\'
+}
+
+declare -A reqexts config
+while getopts ha: OPT; do
+ case "$OPT" in
+ h)
+ usage
+ exit 0
+ ;;
+ a)
+ reqexts[SAN]=1
+ config[SAN]=1
+ config_SAN=("${config_SAN[@]}" "subjectAltName=$OPTARG")
+ ;;
+ esac
+done
+shift $((OPTIND - 1))
+if [ $# -lt 2 ]; then
+ usage >&2
+ exit 1
+fi
+
+args=(openssl req -new)
+if [ -n "${!reqexts[*]}" ]; then
+ args=("${args[@]}" -reqexts "${!reqexts[@]}")
+fi
+if [ -n "${!config[*]}" ]; then
+ confpath="$(mktemp /tmp/certreq-XXXXXX)"
+ cat /etc/ssl/openssl.cnf >>"$confpath"
+ for section in "${!config[@]}"; do
+ echo "[${section}]" >>"$confpath"
+ var="config_${section}[@]"
+ for confopt in "${!var}"; do
+ echo "$confopt" >>"$confpath"
+ done
+ echo >>"$confpath"
+ done
+ trap 'rm -f "$confpath"' EXIT
+ args=("${args[@]}" -config "$confpath")
+fi
+args=("${args[@]}" -subj "$1" -key "$2")
+
+"${args[@]}"
--
2.11.0
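Review bot: The `-a` value reaches the generated OpenSSL config unchecked: the `a)` branch stores `"subjectAltName=$OPTARG"` and the loop later echoes it into `$confpath`, so an ALTNAMES string containing a newline adds extra config lines or a new section to the file that drives `openssl req`. If certreq is ever fed names produced by another program or a request form, reject such values in the `a)` branch, e.g. `case "$OPTARG" in *$'\n'*) echo "certreq: newline in ALTNAMES" >&2; exit 1;; esac`. Separately, the `mktemp` result is not checked and the `trap` is installed only after the writes, so a failed `mktemp` leaves `confpath` empty and openssl is still run with `-config ""`, while an interruption during the writes leaves the temp file behind. Writing `confpath="$(mktemp /tmp/certreq-XXXXXX)" || exit 1` and moving the `trap 'rm -f "$confpath"' EXIT` line directly below it closes both gaps.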