#!/bin/bash

set -eux # -x for verbose logging to juju debug-log


apt-get install -y kal-manage expect ## this is for ``mkcrt``


mkdir -p /etc/ssl/ca
chmod 700 /etc/ssl/ca


## edit SSL:
#edition des champs par défaut : dont la date de validité par défaut
#de 5 ans.
#-> $dir = /etc/ssl/ca  (2 chgt !!)


## And edit: /usr/lib/ssl/misc/CA.pl  (CATOP variable)

## Then, automatise with expect:

# /usr/lib/ssl/misc/CA.pl -newca

mkdir -p /etc/ssl/keys
chmod 700 /etc/ssl/keys -R


cd /etc/ssl/
openssl dhparam -out dh1024.pem 1024