#!/bin/sh

OPENSSL=${OPENSSL:-openssl}
OPENSSL_CONF=${OPENSSL_CONF:-/etc/csync2/csync2-openssl.cnf}

CRTFILE=/etc/csync2/csync2_ssl_cert.pem
CSRFILE=/etc/csync2/csync2_ssl_cert.csr
KEYFILE=/etc/csync2/csync2_ssl_key.pem

if [ -f $CRTFILE ]; then
  echo "$CRTFILE already exists, won't overwrite"
  exit 0
fi

if [ -f $KEYFILE ]; then
  echo "$KEYFILE already exists, won't overwrite"
  exit 0
fi

$OPENSSL genrsa -out $KEYFILE 1024 || exit 2
$OPENSSL req -config $OPENSSL_CONF -new -key $KEYFILE -out $CSRFILE || exit 2
$OPENSSL x509 -req -days 365 -in $CSRFILE -signkey $KEYFILE -out $CRTFILE || exit 2

chmod 0600 $KEYFILE
rm $CSRFILE