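#!/bin/sh
#
# Create a self-signed CA for isakmpd certificate-based authentication.
#
# Run from the directory that should hold the generated tree. The script
# creates ssl/private (CA key and CSR) and an isakmpd/ tree whose contents
# are meant to be copied to /etc/isakmpd.
#
# Environment:
#   CA_KEY_BITS  RSA modulus size for the CA key (default: 2048).
#
# Requires: openssl on PATH. "openssl req" prompts interactively for the DN.

# Stop at the first failing step so a failed key generation or signing is
# never followed by the "We have created..." summary.
set -eu

# 1024-bit RSA is no longer considered adequate for a CA key, so default to
# 2048 bits and let the caller override the size explicitly.
key_bits=${CA_KEY_BITS:-2048}
case "$key_bits" in
  *[!0-9]*)
    echo "CA_KEY_BITS must be a positive integer, got: $key_bits" >&2
    exit 1
    ;;
esac

# One list drives both the message and the mkdir call.
set -- ssl/private isakmpd/private isakmpd/ca isakmpd/certs tmp client

echo Creating directory structure:
echo "$@"
mkdir -p -- "$@"

# The private-key directories must not be readable by other local users.
chmod 700 ssl/private isakmpd/private

echo "Generating ${key_bits}-bit RSA Key for CA..."
# genrsa writes the key without a passphrase; the restrictive umask is the
# only protection the key file gets, so scope it to exactly this command.
(
  umask 077
  openssl genrsa -out ssl/private/ca.key "$key_bits"
)

cat <<'EOF'
You are now being asked to enter information that will be incorpo-
rated into your certificate request. What you are about to enter is
what is called a Distinguished Name or a DN. There are quite a few
fields but you can leave some blank. For some fields there will be
a default value, if you enter '.', the field will be left blank.
EOF

echo Generating Key Signing Request for CA...
openssl req -new -key ssl/private/ca.key \
  -out ssl/private/ca.csr

echo CA is self-signing the CA certificate...
openssl x509 -req -days 365 -in ssl/private/ca.csr \
  -signkey ssl/private/ca.key \
  -out isakmpd/ca/ca.crt

# A serial file is not always produced when self-signing; -f keeps its
# absence from being reported as an error (or aborting under set -e).
rm -f isakmpd/ca/ca.srl

cat <<'EOF'
We have created the following directories, which contain files that should
be copied to /etc/isakmpd:

isakmpd/ca/ The directory where CA certificates can be
 found.

isakmpd/certs/ The directory where IKE certificates can be
 found, both the local certificate(s) and those
 of the peers, if a choice to have them kept per-
 manently has been made.

isakmpd/private/
 The directory where a local private key for certificate
 based authentication is kept. There has to be a
 certificate for this key in the certificate directory
 mentioned above. Run make-local to generate these.

EOF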