#!/bin/sh

DIR="/mnt/data/certs"

if ! [ -d ${DIR} ]; then
    mkdir -p /mnt/data/certs
fi

FILE="${DIR}/barix.pem"

if ! /usr/bin/openssl x509 -in ${FILE} -noout >/dev/null 2>&1 || ! /usr/bin/openssl rsa -in ${FILE} -check -noout >/dev/null 2>&1; then

    # force certificate start date
    date -s 2025.01.01-00:00:00

    # Auto generate SSL self-signed certificate with validity for 100 years
    /usr/bin/openssl req -newkey rsa:2048 -x509 -days 36500 -nodes -keyout ${FILE} -out ${FILE} -subj "/emailAddress=info@barix.com/C=CH/ST=Zurich/L=Dubendorf/O=Barix AG/CN=barix.local"
    chmod 400 ${FILE}
fi

