trap "rm -f $key $tmpl $cert" HUP PIPE INT QUIT TERM EXIT
cat > $tmpl <<EOF
dn = "cn=$domain,c=$COUNTRY"
-serial = 1
expiration_days = 3650
ca
cert_signing_key
-ca \
-cn $domain \
-country $COUNTRY \
- -serial 1 \
-ai 512C \
-out-key $key \
-out-cert $cert