#!/bin/sh

if [ "$1" = "-ec" ]; then
  ec="yes"
  shift
fi

if [ $# -le 0 ]; then
	echo "usage: $0 [-ec] <host.domain.tld> [<host.other.tld> ...]" >&2
	exit 1
fi

CN="$1"

cat >"$CN".ini <<EOF
[req_dn]
CN = $CN
O = Some Enterprise Organization
streetAddress = 123 Fake Street
postalCode = 66666
L = Sin City
ST = NRW
C = DE

[req]
distinguished_name = req_dn
prompt = no

[bs_sect]
keyUsage = digitalSignature, keyEncipherment
EOF

if [ $# -ge 2 ]; then
	cat >>"$CN".ini <<-EOF
		x509_extensions = v3_req

		[v3_req]
		subjectAltName = @alt_names

		[alt_names]
	EOF

	i=1

	for alt_name in "$@"; do
		cat >>"$CN".ini <<-EOF
			DNS.$i = $alt_name
		EOF

		i=`expr $i + 1`
	done
fi

if [ -n "$ec" ]; then
  openssl ecparam -name prime256v1 -genkey -out "$CN".key
else
  openssl genrsa -out "$CN".key 4096
fi

openssl req -extensions bs_sect -new -x509 -batch -days 3650 -key "$CN".key -nodes -sha256 -out "$CN".cer -config "$CN".ini
rm "$CN".ini