#!/bin/sh
# certs/create-ca.sh — Generate Root CA for Sawa Control Panel

# Exit on error
set -e

CERT_DIR=$(dirname "$0")
CA_KEY="$CERT_DIR/ca.key"
CA_CRT="$CERT_DIR/ca.crt"

echo "Step 1: Generating Root CA Private Key (4096-bit RSA)..."
openssl genrsa -out "$CA_KEY" 4096

echo "Step 2: Generating self-signed Root CA Certificate (valid for 10 years)..."
echo "Using Subject: /CN=Sawa Control Panel Root CA/O=Sawa/C=XX"
openssl req -x509 -new -nodes -key "$CA_KEY" -sha256 -days 3650 -out "$CA_CRT" -subj "/CN=Sawa Control Panel Root CA/O=Sawa/C=XX"

echo ""
echo "--------------------------------------------------------"
echo "ROOT CA SUCCESSFUL"
echo "--------------------------------------------------------"
echo "Generated $CA_KEY (Keep this extremely secure!)"
echo "Generated $CA_CRT (Distribute this to client devices)"
echo "--------------------------------------------------------"