cArgs=0
help="creating CertificateAuthority(CA)\n$0 -n <name> for root certificate -d <domain> for CA domain"
pid=
index=
while getopts ":h:d:n:" opt; do
  case $opt in
    h)
	    echo -e $help
	    exit 1
    ;;
    d)
    	domain=$OPTARG
      	let cArgs++
     ;;
    n)
    	name=$OPTARG
      	let cArgs++
     ;;
    \?)
		echo "opt="$opt
		echo -e $help
		exit
	;;
    :)
		if [ $OPTARG = 'h' ]
		then
			echo -e $help
			exit
		else
	    	echo "Option -$OPTARG requires an argument. $opt"
	    	exit 1
    	fi
    ;;
  esac
done
if [ $cArgs -lt 2 ]
then
echo $name
echo $domain
	echo -e $help
	exit
fi

mkdir -p root/ca
cd root/ca 
#format is country\nstate\ncity\norgname\norgunit\ncommonname\nemail\n
echo -e "US\nWA\nBellevue\ncirrus\nClient\n$domain\nadmin@cirruswave.com\n" >tmp.txt
# First create the key (use 4096-bits if that's what floats your boat)
# uncomment if you want to give passphrase
#sudo openssl genrsa -aes256 -out root.key 2048
sudo openssl genrsa -out $name.key 2048

# Then use that key to generate a self-signed cert
openssl req  -new -x509 -key $name.key -out $name.crt -days 3652 -sha256 <tmp.txt
rm tmp.txt
# to see what's in the certiciate uncomment the following
#openssl x509 -text < $name.crt

#obtain .pem from crt
cp $name.crt $name.crt.pem