+#!/bin/bash
+
+usage() {
+ echo "usage: certreq [-h] [-a ALTNAMES] SUBJECT KEYFILE"
+ echo ' SUBJECT is of the form `/PART1=VALUE1/PART2=VALUE2/...'\'
+ echo ' ALTNAMES is of the form `DNS:name1,DNS:name,...'\'
+}
+
+declare -A reqexts config
+while getopts ha: OPT; do
+ case "$OPT" in
+ h)
+ usage
+ exit 0
+ ;;
+ a)
+ reqexts[SAN]=1
+ config[SAN]=1
+ config_SAN=("${config_SAN[@]}" "subjectAltName=$OPTARG")
+ ;;
+ esac
+done
+shift $((OPTIND - 1))
+if [ $# -lt 2 ]; then
+ usage >&2
+ exit 1
+fi
+
+args=(openssl req -new)
+if [ -n "${!reqexts[*]}" ]; then
+ args=("${args[@]}" -reqexts "${!reqexts[@]}")
+fi
+if [ -n "${!config[*]}" ]; then
+ confpath="$(mktemp /tmp/certreq-XXXXXX)"
+ cat /etc/ssl/openssl.cnf >>"$confpath"
+ for section in "${!config[@]}"; do
+ echo "[${section}]" >>"$confpath"
+ var="config_${section}[@]"
+ for confopt in "${!var}"; do
+ echo "$confopt" >>"$confpath"
+ done
+ echo >>"$confpath"
+ done
+ trap 'rm -f "$confpath"' EXIT
+ args=("${args[@]}" -config "$confpath")
+fi
+args=("${args[@]}" -subj "$1" -key "$2")
+
+"${args[@]}"