#!/usr/bin/env bash
set -euo pipefail
CN=${1:?CN}
mkdir -p certs
openssl genrsa -out certs/$CN.key 2048
openssl req -new -key certs/$CN.key -subj "/CN=$CN" -out certs/$CN.csr
openssl x509 -req -in certs/$CN.csr -CA ca/root.crt -CAkey ca/root.key -CAcreateserial -out certs/$CN.crt -days 825 -sha256
echo "Issued certs/$CN.crt"