#!/bin/bash

client_domain="$1"

mkdir -p ${client_domain}
pushd ${client_domain}
echo "Generating CA key and cert..."
openssl genrsa -out rootCA.key 2048
openssl req -x509 -new -key rootCA.key -days 3650 -out rootCA.pem \
-subj "/C=AA/ST=AA/L=AA/O=AA Ltd/OU=AA/CN=ca.${client_domain}/emailAddress=abc@ca.${client_domain}"

echo "Generating client key and csr..."
openssl genrsa -out ${client_domain}.key 2048
openssl req -new -key ${client_domain}.key -out ${client_domain}.csr \
-subj "/C=BB/ST=BB/L=BB/O=BB Ltd/OU=BB/CN=${client_domain}/emailAddress=abc@${client_domain}"

echo "Generating client cert signed with CA cert..."

openssl x509 -req -days 365 -CA rootCA.pem -CAkey rootCA.key \
-CAcreateserial -CAserial serial -in ${client_domain}.csr -out ${client_domain}.pem

echo "Generating PFX..."
openssl pkcs12 -export -out ${client_domain}.pfx -inkey ${client_domain}.key -in ${client_domain}.pem
echo "DONE!"
popd