#!/bin/bash

host_arg=
if [ $# -ne 1 ] ; then
    echo "You need to pass just one argument: the full hostname for wich the certificate is required"
    exit 1
else
    host_arg="$1"
fi

easy_rsa_base_dir={{ easy_rsa_pki_basedir }}
easy_rsa_issued_dir="${easy_rsa_base_dir}/pki/issued"
easy_rsa_keys_dir="${easy_rsa_base_dir}/pki/private"
easy_vars_file="${easy_rsa_base_dir}/vars"
if [ -f "${easy_vars_file}.tmpl" ] ; then
    echo "There's a template file ${easy_vars_file}.tmpl present. Check that nothing wrong happened, then remove it before proceeding."
    exit 1
fi

echo ""
echo "Starting the renewal of a client host certificate."
echo ""

cd "$easy_rsa_base_dir"
./easyrsa renew "$host_arg" nopass

echo ""
echo "Done."
echo "The certificate file is ${easy_rsa_issued_dir}/${host_arg}.crt"
echo "The private key file is ${easy_rsa_keys_dir}/${host_arg}.key"
echo ""
echo "Remember that the key of the host certificates do not passphrase protected"

exit 0