#!/bin/sh -e

if [ "$1" != "--force" -a -f /etc/apache-ssl/apache.pem ]; then
  echo "/etc/apache-ssl/apache.pem exists!  Use \"$0 --force.\""
  exit 0
fi

echo
echo creating selfsingned certificate
echo "replace it with one signed by a certification authority (CA)"
echo
echo enter your ServerName at the Common Name prompt
echo

export PATH="/usr/bin/ssl:$PATH" RANDFILE=/dev/random
ssleay req -config /usr/lib/ssl/lib/ssleay.cnf \
  -new -x509 -nodes -out /etc/apache-ssl/apache.pem \
  -keyout /etc/apache-ssl/apache.pem
chmod 600 /etc/apache-ssl/apache.pem
ln -sf /etc/apache-ssl/apache.pem \
  /etc/apache-ssl/`/usr/bin/ssl/ssleay \
  x509 -noout -hash < /etc/apache-ssl/apache.pem`.0
