#!/bin/sh

set -e

if [ ! -d ssl ]; then
    mkdir ssl
fi

# Create the root CA (Certificate Authority)
openssl genrsa -out ssl/dockerwatch-ca.key 4096

## Certificate signing request for root CA
openssl req -x509 -new -nodes -key ssl/dockerwatch-ca.key -sha256 -days 1024 -subj "/C=SE/" -out ssl/dockerwatch-ca.pem

# Create the server certificate
openssl genrsa -out ssl/dockerwatch-server.key 4096

## Certificate signing request for server certificate
openssl req -new -key ssl/dockerwatch-server.key -subj "/C=SE/CN=localhost/" -out ssl/dockerwatch-server.csr

## Sign the server certificate using the root CA
openssl x509 -req -in ssl/dockerwatch-server.csr -CA ssl/dockerwatch-ca.pem -CAkey ssl/dockerwatch-ca.key -CAcreateserial -out ssl/dockerwatch-server.pem -days 500 -sha256