From f87a435f9662ab089eacbee8003920641fc2d2c5 Mon Sep 17 00:00:00 2001
From: Shin'ichiro Kawasaki <kawasaki@juno.dti.ne.jp>
Date: Sat, 11 Apr 2020 17:01:08 +0900
Subject: [PATCH] gencert.sh: Simplify certificate file generation commands

The command lines to generate certificate file for web server are
troublesome and their parameters confuse users. To clean up the steps per
James Le Cuirot suggestions, simplify openssl options and bash commands
in the generation script and README.

Signed-off-by: Shin'ichiro Kawasaki <kawasaki@juno.dti.ne.jp>
---
 README.md  | 11 +----------
 gencert.sh | 18 ++++++++++++------
 2 files changed, 13 insertions(+), 16 deletions(-)

diff --git a/README.md b/README.md
index 694f94d..1b33ebb 100644
--- a/README.md
+++ b/README.md
@@ -71,16 +71,7 @@ Installation
     Generate and prepare a PEM certificate file.
     ```sh
     $ cd ~/bluepy-scratch-link
-    $ openssl req -x509 -out scratch-device-manager.cer \
-    -keyout scratch-device-manager.key -newkey rsa:2048 -nodes -sha256 \
-    -subj '/CN=scratch-device-manager' -extensions EXT -config <( \
-    printf "[dn]\nCN=localhost\n[req]\ndistinguished_name = dn\n[EXT]\nsubjectAltName=DNS:localhost\nkeyUsage=digitalSignature\nextendedKeyUsage=serverAuth")
-    $ openssl pkcs12 -inkey scratch-device-manager.key \
-      -in scratch-device-manager.cer \
-      -name "Scratch Link & Scratch Device Manager" \
-      -passout pass:Scratch -export -out scratch-device-manager.pfx
-    $ grep -h ^ scratch-device-manager.cer scratch-device-manager.key \
-      | tr -d '\r' > scratch-device-manager.pem
+    $ ./gencert.sh
       ```
 
 6. If using a micro:bit, install Scratch-link hex on your device
diff --git a/gencert.sh b/gencert.sh
index 7143ba3..bedf02f 100755
--- a/gencert.sh
+++ b/gencert.sh
@@ -1,6 +1,12 @@
-openssl req -x509 -out scratch-device-manager.cer \
--keyout scratch-device-manager.key -newkey rsa:2048 -nodes -sha256 \
--subj '/CN=scratch-device-manager' -extensions EXT -config <( \
-printf "[dn]\nCN=localhost\n[req]\ndistinguished_name = dn\n[EXT]\nsubjectAltName=DNS:localhost\nkeyUsage=digitalSignature\nextendedKeyUsage=serverAuth")
-grep -h ^ scratch-device-manager.cer scratch-device-manager.key \
-  | tr -d '\r' > scratch-device-manager.pem
+#!/bin/bash
+openssl req -x509 -out scratch-device-manager.pem \
+	-keyout scratch-device-manager.pem -newkey rsa:2048 -nodes -sha256 \
+	-days 3650 -extensions EXT -config /dev/stdin << HERE
+[dn]
+CN = device-manager.scratch.mit.edu
+[req]
+prompt = no
+distinguished_name = dn
+[EXT]
+subjectAltName = DNS:device-manager.scratch.mit.edu
+HERE