#!/bin/sh
# Simple sudo utility to allow apache 
# 	1) sign client certificate request
#	2) read server CA

case "$1" in
    sign)
        if [ -z "$2" ]; then 
            echo "Must specify path to CSR file"
            exit 2
        fi
        cd /etc/openvpn/easy-rsa
        source ./vars
        ./pkitool --sign $2
    ;;
    print_ca)
        cat /etc/openvpn/ca.crt
    ;;
    *)
        echo "Usage: $0 {sign <csr>|print_ca}"
        exit 1
esac

exit 0