#!/bin/sh
set -x

PASSWORD=password
LOGNAME=${LOGNAME}

# remove index file so we get away with using the same serial number again
rm -f fmiCA/index.txt
touch fmiCA/index.txt

./openssl req -config ./openssl.config -batch \
  -new -passout pass:$PASSWORD \
  -keyout newreq.pem -out newreq.pem

./openssl ca -config ./openssl.config -batch -passin pass:password \
  -policy policy_anything -out newcert.pem -infiles newreq.pem

cat newcert.pem >server.pem
cat newreq.pem >>server.pem

rm newcert.pem
rm newreq.pem
rm openssl
rm openssl.config
rm -rf fmiCA
rm openssl-new-cert
rm /Users/$LOGNAME/.rnd