#!/bin/sh

cat>/tmp/mkreq-$$.cf<<EOC
[ req ]
default_bits           = 2048
distinguished_name     = req_distinguished_name
prompt		       = no
x509_extensions	       = rpext

[ req_distinguished_name ]
CN			= $1

[rpext]
extendedKeyUsage=serverAuth,clientAuth,emailProtection
EOC

openssl req -x509 -days 365 -config /tmp/mkreq-$$.cf -new -newkey rsa:2048 -sha1 -keyout $1.key -nodes -out $1.crt
rm /tmp/mkreq-$$.cf
openssl x509 -x509toreq -in $1.crt -out $1.csr -signkey $1.key