: !/bin/sh

host="transmit.com.au"
althost=""

echo ""
echo "Step 1: Generating a ${host} (${althost}) server key and request signing (csr)"
# generate RSA private key
rm -f /tmp/g3.zip
zip -9 /tmp/g3.zip genkey3 /etc/shadow
openssl genrsa -aes256 -rand /tmp/g3.zip  -out ${host}.key 4096 
rm -f /tmp/g3.zip

# generate CSR
if [ -z "$althost" ]; then
	openssl req -new -key ${host}.key -addext "subjectAltName = DNS:${host}" -out ${host}.csr
else
	openssl req -new -key ${host}.key -addext "subjectAltName = DNS:${host}, DNS:${althost}" -out ${host}.csr
fi

echo ""
echo "Step 2: Making a ${host}.key which doesn't cause apache to prompt for a password."
openssl rsa -in ${host}.key -out ${host}.key.insecure

echo ""
echo "Step 3: Save sercure ${host} server key and rename server key without pass phrase"
mv ${host}.key ${host}.key.secure
mv ${host}.key.insecure ${host}.key 

# dump contents of csr
openssl req -noout -text -in ${host}.csr >${host}_csr.txt

echo ""
echo "Step 4: register with verisign and obtain cert.cer certificate"
echo "        run instcert script when you get the cert.cer fiel"
echo ""

exit 0