#!/usr/bin/env bash

CFG_DIR=$(dirname "$0")
CWD=$(pwd)

cd $CFG_DIR

clear.sh

#Selbst signiertes Zertifikat erstellen (CA):
openssl req -batch -x509 -config openssl.conf -newkey rsa:4096 -sha256 -nodes -out ca.crt -outform PEM

#Privat Schlüssel und Signier request für Server erstellen (localhost):
openssl req -batch -config server.conf -newkey rsa:2048 -sha256 -nodes -out server.csr -outform PEM

#Privat Schlüssel und Signier request für Client erstellen:
openssl req -batch -config client.conf -newkey rsa:2048 -sha256 -nodes -out client.csr -outform PEM

#CA Datenbank anlegen (minimal):
touch index.txt

#Zertifiakte signieren:
openssl ca -batch -create_serial -config openssl.conf -policy signing_policy -extensions signing_req -out server.crt -infiles server.csr
openssl ca -batch -config openssl.conf -policy signing_policy -extensions signing_req -out client.crt -infiles client.csr

sudo cp -f ca.crt /etc/mosquitto/ca_certificates
sudo cp -f server.crt /etc/mosquitto/certs
sudo cp -f server.key /etc/mosquitto/certs

mkdir -p ./client
cp -f ca.crt ./client
cp -f client.crt ./client
cp -f client.key ./client

sudo /etc/init.d/mosquitto restart

cd $CWD