#!/bin/sh
#
echo "WARNING: do not use this script on Debian"
echo "with Openssl ver. 0.9.8c-1"
echo "and later versions till 0.9.8c-4etch3."
echo "...its vulnerability was published on 13 May 2008."
echo "."
echo "Ak toto spustate na Debiane so starsim Openssl (vid vyssie),"
echo "generovanie privatneho kluca nie je nahodne a dal by sa lahko desifrovat."
echo "Preto radsej pouzite iny sposob vygenerovania ziadosti."
echo " "  
#
reqf=usercert_request.pem
cat <<-EOT >out$$
#
# SlovakGrid CA configuration for user certificate requests
# 
[ req ]
default_bits		= 1024
default_keyfile 	= userkey.pem
default_md		= sha1
distinguished_name	= req_distinguished_name
[ req_distinguished_name ]
countryName			 = SK (do not modify)
countryName_default		 = SK
0.organizationName               = SlovakGrid (do not modify)
0.organizationName_default       = SlovakGrid
1.organizationName               = Organization Name (e.g. FMPhI)
1.organizationName_default       = 
commonName                       = Name (e.g., John M. Smith)
commonName_max                   = 64
EOT

openssl req -out $reqf -newkey rsa:1024 -config out$$
chmod 600 userkey.pem
echo 
openssl req -in $reqf -text|head
echo ... 
echo "Save your userkey.pem file."
echo "Sign the file $reqf by your old personnal certificate"
echo "and send it to ca.uiATsavba.sk,"
echo "or bring the file $reqf on USB memory stick to the nearest CA"
echo "(sitting in Bratislava, B.Bystrica or Kosice)."
echo "."
echo "Dobre uschovajte subor userkey.pem."
echo "Doneste subor $reqf osobne na diskete alebo USB flash pamati"
echo " do najblizsej RA (Bratislava, B.Bystrica alebo Kosice)."
rm out$$