#!/bin/sh
#
echo "WARNING: do not use this script on Debian"
echo "with Openssl ver. 0.9.8c-1"
echo "and later versions till 0.9.8c-4etch3."
echo "...its vulnerability was published on 13 May 2008."
echo "."
echo "Ak toto spustate na Debiane so starsim Openssl (vid vyssie),"
echo "generovanie privatneho kluca nie je nahodne a dal by sa lahko desifrovat."
echo "Preto radsej pouzite iny sposob vygenerovania ziadosti."
echo " "  
#
reqf=hostcert_request.pem
cat <<-EOT >out$$
#
# SlovakGrid CA configuration for host certificate requests
# 
[ req ]
default_bits		= 2048
default_keyfile 	= hostkey.pem
default_md		= sha256
distinguished_name	= req_distinguished_name
[ req_distinguished_name ]
countryName			 = SK (do not modify)
countryName_default		 = SK
0.organizationName               = SlovakGrid (do not modify)
0.organizationName_default       = SlovakGrid
1.organizationName               = Organization Name (e.g. FFUK)
1.organizationName_default       = 
commonName                       = Name (e.g., myhost.mydomain)
commonName_max                   = 64
EOT

openssl req -out $reqf -sha256 -newkey rsa:2048 -config out$$ -nodes
chmod 600 hostkey.pem
echo
openssl req -in $reqf -noout -text|head
echo ... 
echo "Save your hostkey.pem file."
echo "Sign the file $reqf by your (admin) personnal certificate"
echo "and send it to ca.uiATsavba.sk."
echo "."
echo "Dobre uschovajte subor hostkey.pem."
echo "Podpiste subor $reqf osobnym certifikatom administratora"
echo " a poslite mejlom na ca.uiATsavba.sk."
rm out$$
echo "How to sign/Ako podpisat: openssl smime -sign -text -in hostcert_request.pem \
-out rekey.smi -signer ~/.globus/usercert.pem -inkey ~/.globus/userkey.pem"