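#!/usr/bin/env bash
#
# Generate throwaway TLS fixtures in the directory that holds this script:
#   certs/bundle_1.pem.rsa .. certs/bundle_20.pem.rsa
#       20 identical copies of: client private key + client cert + CA cert
#   dh-params-2048.pem
#       2048-bit Diffie-Hellman parameters
#
# Usage: run with no arguments; requires `openssl` on PATH.
#
# The keys are created unencrypted (-nodes / plain genrsa) and every bundle
# embeds the same private key, so these files are only suitable as local
# test material. The bundles are created with the caller's umask; tighten it
# (e.g. `umask 077`) before running if other local users must not read them.
#
# NOTE(review): the CA and the client certificate share the subject
# /CN=localhost, so the client certificate's issuer equals its own subject.
# Confirm the consumer builds and verifies the chain the way you expect.

# Stop at the first failing step instead of copying or packaging partial output.
set -euo pipefail

# All outputs live next to this script, regardless of the caller's directory.
script_dir=$(cd -- "$(dirname -- "$0")" && pwd)
cd -- "$script_dir"

# Remove the outputs of a previous run.
rm -rf -- certs dh-params-2048.pem

# Intermediate material (including the CA private key) goes into a private,
# unpredictable scratch directory that is removed on every exit path.
work_dir=$(mktemp -d "${TMPDIR:-/tmp}/gen-certs.XXXXXX")
trap 'rm -rf -- "$work_dir"' EXIT

# Self-signed CA, valid for 365 days; -trustout writes a trusted-certificate PEM.
openssl req -new -newkey rsa:2048 -nodes \
  -out "$work_dir/ca.csr" -keyout "$work_dir/ca.key" -subj '/CN=localhost'
openssl x509 -trustout -signkey "$work_dir/ca.key" -days 365 -req \
  -in "$work_dir/ca.csr" -out "$work_dir/ca.crt"

# Client key and certificate signed by the CA above, valid for 365 days.
openssl genrsa -out "$work_dir/client.key" 2048
openssl req -new -key "$work_dir/client.key" -out "$work_dir/client.csr" \
  -subj '/CN=localhost'
openssl x509 -req -days 365 -in "$work_dir/client.csr" \
  -CA "$work_dir/ca.crt" -CAkey "$work_dir/ca.key" \
  -out "$work_dir/client.crt" -set_serial 01

# Bundle order: private key, client certificate, CA certificate.
cat "$work_dir/client.key" "$work_dir/client.crt" "$work_dir/ca.crt" \
  > "$work_dir/bundle.pem"

# Fan the single bundle out into 20 identically-keyed copies.
mkdir certs
for i in {1..20}; do
  cp -- "$work_dir/bundle.pem" "certs/bundle_${i}.pem.rsa"
done

# Diffie-Hellman parameters; this step can take a while.
openssl dhparam -out dh-params-2048.pem 2048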
