#!/bin/sh -e
# Yack 27/12/2000
#Création des certificats ssl pour les machines virtuelles ptt, news, et www

#Durée du certificat en jour :
DUREE=1095

export RANDFILE=/dev/random
for certificat in news ptt www; do
  if [ -f /etc/ssl/certs/stunnel-$certificat.pem ];
  then
    echo "le certificat pour la machine $certificat existe deja."
  else
    openssl req $@ -config /etc/ssl/$certificat-crans-org.cnf \
      -new -x509 -nodes -out /etc/ssl/certs/stunnel-$certificat.pem \
      -keyout /etc/ssl/certs/stunnel-$certificat.pem \
      -days $DUREE
    chmod 600 /etc/ssl/certs/stunnel-$certificat.pem
    ln -sf /etc/ssl/certs/stunnel-$certificat.pem \
      /etc/ssl/certs/`/usr/bin/openssl \
      x509 -noout -hash < /etc/ssl/certs/stunnel-$certificat.pem`.0;
  fi
done