#!/bin/sh
#
# Author: Rune Nordbe Skillingstad <rune@skillingtad.no>
# Date: 2003-02-12
#
# Create a self-signed TLS certificate and private key for slapd, both
# written to /etc/ldap/ssl/slapd.pem. To change default settings
# (subject, key size, validity), edit /etc/ldap/ssl/slapd-cert.cnf
#
# $Id: mkslapdcert 41026 2008-04-30 17:26:08Z pere $

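set -x

# Fail on unset variables.  Every step that matters is also checked
# explicitly below so the script can never exit 0 with a missing,
# partial or wrongly-owned key (the original only echoed and went on).
set -u

opensslbin=/usr/bin/openssl

# Files created from here on (the key file below) start out owner-only,
# so there is no window in which the private key is group/world readable.
umask 077

certconf=/etc/ldap/ssl/slapd-cert.cnf
# Private key and self-signed certificate are both written to this one
# PEM file (-keyout and -out point at the same path).
privkey=/etc/ldap/ssl/slapd.pem

if test -x "$opensslbin" ; then
    :
else
    echo "error: can't find openssl at $opensslbin." 1>&2
    exit 1
fi

# A missing config used to be reported but was not fatal; openssl then
# failed with the reason hidden behind 2>/dev/null.  Stop here instead.
if [ ! -f "$certconf" ] ; then
    echo "error: missing certificate configuration file $certconf." 1>&2
    exit 1
fi

if ! chmod 750 /etc/ldap/ssl ; then
    echo "error: cannot set permissions on /etc/ldap/ssl." 1>&2
    exit 1
fi

# Never overwrite an existing key.  -e is checked as well as -L so that a
# dangling symlink left at this path is refused too, rather than having
# openssl write the key through it to wherever it points.
if [ -e "$privkey" ] || [ -L "$privkey" ] ; then
    echo "error: private key $privkey already exist.  Exiting." 1>&2
    exit 1;
fi

# stdout is silenced, stderr is kept so a failure says why.  Writing key
# and certificate into the same file relies on openssl appending the
# certificate when -out names the same file as -keyout (unchanged from
# the original invocation).
if ! "$opensslbin" req -new -x509 -nodes \
      -config "$certconf" -out "$privkey" -keyout "$privkey" > /dev/null ; then
    echo "error: problems running openssl." 1>&2
    # Do not leave a partial file behind: the existence check above would
    # otherwise refuse to regenerate the key on the next run.
    rm -f -- "$privkey"
    exit 1
fi

# Make sure the private key is only readable by user openldap.  A failed
# chown (e.g. no such user, not root) is fatal: slapd could not read the
# key, and silently leaving it root-owned would look like success.
if ! chown openldap:openldap "$privkey" ; then
    echo "error: cannot change owner of $privkey to openldap." 1>&2
    exit 1
fi
if ! chmod 600 "$privkey" ; then
    echo "error: cannot set permissions on $privkey." 1>&2
    exit 1
fi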
