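#! /usr/bin/env perl

# create a certificate of authority and key defined in $caCRT and $caKey
# read from config file
#
# requires $sslConfig file to be set up similar to openssl.cnf.sample
#
# script will ask for passphrase three times, twice to encrypt the key
# file, and once when creating the CA. PassPhrase must be a minimum of
# 8 characters long.

use strict;
use warnings;

use FindBin;
use File::Spec;
use Cwd 'abs_path';
use File::Basename;

my $binDir = dirname( abs_path( __FILE__ ) ) . '/';
my $config = $binDir . 'makeCert.conf';
my $sslConfig = $binDir . 'openssl.cnf';

my $configFile; # prototype for the domain specific config file
my $caCRT; # location of the CA crt file
my $caKey; # location of the CA Key file
my $serverCertDir; # where to put the server certs
my $certDays; # number of days a Server certificate is valid for, not used here
my $caDays; # number of days a CA is good for

# Run openssl with the given argument list and die if it does not succeed.
# The list form of system() bypasses the shell, so paths taken from the
# config file are passed to openssl verbatim and are never parsed as shell
# syntax.
sub runOpenssl {
   my @args = @_;
   my $status = system( 'openssl', @args );
   die "Could not run openssl: $!\n" if $status == -1;
   die "openssl $args[0] failed (wait status $status)\n" if $status != 0;
   return;
}

die "Config File $config not found\n" unless -f $config;
die "openssl config file $sslConfig not found\n" unless -f $sslConfig;
# NOTE(review): $sslConfig is only checked for existence; the req command
# below is given $configFile from makeCert.conf instead. Confirm which file
# is intended.

# SECURITY: the config file is executed as Perl code by the string eval
# below, so anyone able to modify it can run arbitrary code as the user who
# creates the CA. Keep it writable by that user only.
my $configMode = ( stat $config )[2];
warn "Warning: $config is group or world writable and is executed as code\n"
   if defined $configMode and $configMode & 022;

# load the config file
# Read it directly instead of shelling out to cat, so the path is never
# interpreted by a shell.
my $configCode = do {
   open my $fh, '<', $config or die "Cannot read $config: $!\n";
   local $/;
   <$fh>;
};
eval $configCode;
die "Error in config file $config: $@\n" if $@;

# Everything used below must have been set by the config file; stop with a
# clear message rather than passing empty arguments to openssl.
for my $setting ( [ configFile => $configFile ], [ caCRT => $caCRT ],
                  [ caKey => $caKey ], [ caDays => $caDays ] ) {
   my ( $name, $value ) = @$setting;
   die "\$$name is not set in $config\n"
      unless defined $value and length $value;
}
die "\$caDays must be a positive whole number of days\n"
   unless $caDays =~ /\A[1-9][0-9]*\z/;

die "Existing CA or Key found, remove them before continuing\n" if -f $caCRT or -f $caKey;

# Create the private key with a restrictive umask so it is never readable by
# group or others, then restore the previous umask so the certificate gets
# the usual permissions.
# NOTE(review): -des3 protects the key with Triple-DES, a legacy cipher;
# genpkey also accepts -aes-256-cbc. 2048-bit RSA is the minimum generally
# accepted today; consider a larger modulus for a CA valid for many years.
my $oldUmask = umask 077;
my $keyCreated = eval {
   runOpenssl( 'genpkey', '-algorithm', 'RSA', '-out', $caKey, '-des3',
               '-pkeyopt', 'rsa_keygen_bits:2048' );
   1;
};
my $keyError = $@;
umask $oldUmask;
die $keyError unless $keyCreated;

# If this step fails the key file is left behind and a re-run would stop at
# the "Existing CA or Key found" check, so say which file to remove.
eval {
   runOpenssl( 'req', '-config', $configFile, '-key', $caKey, '-new', '-x509',
               '-days', $caDays, '-out', $caCRT, '-extensions', 'CA_default' );
   1;
} or die $@ . "Remove $caKey before trying again\n";

print "CA Created. You can view it with:\nopenssl x509 -in $caCRT -text -noout\n";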