#!/bin/bash

CA_DIR=/etc/nginx/ca-certs

if [ ! -f $CA_DIR/Wocker-CA.key ]; then
    mkdir -p $CA_DIR

    openssl req -x509 -nodes -new -sha256 \
        -days 1024 \
        -newkey rsa:2048 \
        -keyout $CA_DIR/Wocker-CA.key \
        -out $CA_DIR/Wocker-CA.pem \
        -subj "/C=UA/ST=Kyiv/O=Wocker/CN=Wocker-CA"

    openssl x509 \
        -outform pem \
        -in $CA_DIR/Wocker-CA.pem \
        -out $CA_DIR/Wocker-CA.crt
fi
