# Option parsing: -h, -e and -y each take an argument; -b and -f are plain flags.
3 while getopts h:e:y:bf c
# Unknown option: print the usage text.
# NOTE(review): the usage text visible here does not mention -b or -f, although
# the getopts string accepts them; the message may continue on a line not shown.
11 \?) echo keygen [-h hostname for cert] [-y years to issue cert] [-e entityID to embed in cert]
# Forced regeneration: remove any existing key and certificate first.
# NOTE(review): $FORCE is unquoted. When it is empty or unset the test collapses
# to `[ -n ]`, a one-argument test that is always true, so the rm below runs even
# without -f and an existing private key is deleted before the "already exist"
# check can protect it. Quote the expansion: [ -n "$FORCE" ].
16 if [ -n $FORCE ] ; then
17 rm sp-key.pem sp-cert.pem
# Refuse to overwrite an existing key or certificate.
20 if [ -e sp-key.pem ] || [ -e sp-cert.pem ] ; then
# Only print the explanation when not in batch mode. Unquoted `[ -z $BATCH ]`
# gives the intended answer for an empty value only because `[ -z ]` is also
# true as a one-argument test; quoting is still the safer form.
21 if [ -z $BATCH ] ; then
22 echo The files sp-key.pem and/or sp-cert.pem already exist!
23 echo Use -f option to force recreation of keypair.
# Branches taken when no hostname / validity period was supplied; their bodies
# are not shown here (presumably they assign defaults; confirm in the full script).
29 if [ -z $FQDN ] ; then
33 if [ -z $YEARS ] ; then
# Build the subjectAltName value: the DNS name alone, or the DNS name plus the
# entityID as a URI entry when one was given.
# NOTE(review): $FQDN and $ENTITYID are placed into the OpenSSL configuration
# without validation. A value containing a comma, whitespace or a newline would
# change the set of names or the configuration itself, so restrict both to the
# expected hostname / URI character set if they can come from an untrusted caller.
# The unquoted tests also misbehave for values containing spaces.
39 if [ -z $ENTITYID ] ; then
40 ALTNAME=subjectAltName=DNS:$FQDN
42 ALTNAME=subjectAltName=DNS:$FQDN,URI:$ENTITYID
# Write the OpenSSL request configuration to sp-cert.cnf. The heredoc delimiter
# is unquoted, so $ALTNAME is expanded by the shell before the file is written.
# NOTE(review): as the visible lines read, ALTNAME already starts with
# "subjectAltName=", so the extension line below expands to
# "subjectAltName=subjectAltName=DNS:..."; confirm which of the two prefixes is
# intended and check the generated certificate's SAN with `openssl x509 -text`.
45 cat >sp-cert.cnf <<EOF
46 # OpenSSL configuration file for creating sp-cert.pem
53 # PrintableStrings only
59 subjectAltName=$ALTNAME
60 subjectKeyIdentifier=hash
# Generate the key pair and self-signed certificate in a single openssl req call.
# $DAYS is not assigned in the lines shown (presumably derived from $YEARS; confirm).
# NOTE(review): nothing visible here sets a restrictive umask or file mode for
# sp-key.pem, and whether the key is written encrypted depends on configuration
# lines not shown. Consider `umask 077` before this step and verify the
# resulting permissions on the private key.
63 if [ -z $BATCH ] ; then
# Interactive run: openssl's messages reach the terminal.
64 openssl req -config sp-cert.cnf -new -x509 -days $DAYS -keyout sp-key.pem -out sp-cert.pem
# Batch run: same command with stderr discarded.
# NOTE(review): this also hides openssl's error output, so a failed generation
# is silent unless the exit status is checked afterwards.
66 openssl req -config sp-cert.cnf -new -x509 -days $DAYS -keyout sp-key.pem -out sp-cert.pem 2> /dev/null