#!/bin/sh
#
# Author: Rune Nordbe Skillingstad <rune@skillingtad.no>
# Date: 2003-02-12
#
# Create a TLS certificate for slapd. To change default settings,
# edit /etc/ldap/ssl/slapd-cert.cnf
#
# $Id: mkslapdcert 35667 2007-07-09 10:00:26Z pere $

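opensslbin=/usr/bin/openssl

certconf=/etc/ldap/ssl/slapd-cert.cnf
privkey=/etc/ldap/ssl/slapd.pem

# Abort when a prerequisite is missing.  A plain "if" keeps "exit" in the
# current shell; inside ( ... ) it would only leave the subshell and the
# script would carry on without openssl.
if [ ! -x "$opensslbin" ] ; then
    echo "error: can't find openssl." >&2
    exit 1
fi

# Without the configuration file openssl cannot build the certificate, so
# stop here instead of continuing to the generation step.
if [ ! -f "$certconf" ] ; then
    echo "error: missing certificate configuration file $certconf." >&2
    exit 1
fi

chmod 750 /etc/ldap/ssl

# Never overwrite an existing key/certificate pair.
if [ -f "$privkey" ] ; then
    echo "error: private key $privkey already exist.  Exiting." >&2
    exit 1
fi

# -nodes writes the private key unencrypted, so the file mode is its only
# protection.  Tighten the umask before openssl creates the file so the key
# is never group- or world-readable, not even until the chmod below runs.
umask 077

# Key and self-signed certificate both go into $privkey.  openssl's own
# output is discarded, so a failure is only visible through the exit status.
if ! "$opensslbin" req -new -x509 -nodes \
      -config "$certconf" -out "$privkey" -keyout "$privkey" > /dev/null 2>&1
then
    echo "error: problems running openssl." >&2
    # Remove any partial output: a truncated file would make the next run
    # stop at the "already exist" check above.
    rm -f -- "$privkey"
    exit 1
fi

# Make sure the private key is only readable by root
chmod 600 "$privkey"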
