set -e

# see http://www.pseudonym.org/ssl/ssl_cook.html

openssl \
	req \
	-newkey rsa:1024 \
	-x509 \
	-keyout CA-priv.pem \
	-out CA-pub.pem \
	-nodes \
	-config ca-ssl.conf

cat CA-priv.pem CA-pub.pem > CA-priv+pub.pem


# make a certificate for an origin server, signed by the CA
# this is the same command that is hardcoded in polygraph source