cArgs=0
help="creating CertificateAuthority(CA)\n$0 -n <name> for root certificate -d <domain> CA domain -o <output> output name for client key&cert"
pid=
index=
while getopts ":h:d:n:o:" opt; do
  case $opt in
    h)
	    echo -e $help
	    exit 1
    ;;
    d)
    	domain=$OPTARG
      	let cArgs++
     ;;
    n)
    	name=$OPTARG
      	let cArgs++
     ;;
    o)
    	out=$OPTARG
      	let cArgs++
     ;;
    \?)
		echo "opt="$opt
		echo -e $help
		exit
	;;
    :)
		if [ $OPTARG = 'h' ]
		then
			echo -e $help
			exit
		else
	    	echo "Option -$OPTARG requires an argument. $opt"
	    	exit 1
    	fi
    ;;
  esac
done
if [ $cArgs -lt 3 ]
then
	echo -e $help
	exit
fi

# Create new key
#If you want to ask for passphrase
#sudo openssl genrsa -aes256 -out client1.key 2048
sudo openssl genrsa -out $out.key 2048
echo -e "US\nWA\nBellevue\nPCClient\nClient\n$domain\nadmin@cirruswave.com\n\n\n" >tmp1.txt

# Use that key to generate a request
openssl req -new -key $out.key -out $out.req  <tmp1.txt
rm tmp1.txt

# Sign that request to generate a new cert certificates are valid for 10 years. You can renew them if you like to.
sudo openssl x509 -req -days 3652 -in $out.req -out $out.crt -CA root/ca/$name.crt -CAkey root/ca/$name.key  -sha256 -CAcreateserial