Index: appfs-cert
==================================================================
--- appfs-cert
+++ appfs-cert
@@ -72,11 +72,11 @@
 close $fd
 '
 }
 function generate_key() {
- read_password 'Password for Site Key: ' SITE_PASSWORD
+ read_password 'Password for Site Key being generated: ' SITE_PASSWORD
 export SITE_PASSWORD
 call_appfsd --tcl '
 package require pki
@@ -108,11 +108,15 @@
 export SITE_HOSTNAME SITE_KEY_FILE
 if [ -f "${SITE_KEY_FILE}" ]; then
 echo 'Key file already exists.'
- read_password 'Password for (existing) Site Key: ' SITE_PASSWORD
+ if cat "${SITE_KEY_FILE}" | grep -i '^Proc-Type: .*,ENCRYPTED' >/dev/null; then
+ read_password 'Password for (existing) Site Key: ' SITE_PASSWORD
+ else
+ SITE_PASSWORD=""
+ fi
 export SITE_PASSWORD
 else
 generate_key
 fi
@@ -154,11 +158,13 @@
 if [ ! -e "${CA_CERT_FILE}" -o ! -e "${CA_KEY_FILE}" ]; then
 read_text 'Certificate Authority (CA) Certificate Filename: ' CA_CERT_FILE
 read_text 'Certificate Authority (CA) Key Filename: ' CA_KEY_FILE
 fi
- read_password 'Certificate Authority (CA) Password: ' CA_PASSWORD
+ if cat "${CA_KEY_FILE}" | grep -i '^Proc-Type: .*,ENCRYPTED' >/dev/null; then
+ read_password 'Certificate Authority (CA) Password: ' CA_PASSWORD
+ fi
 SITE_SERIAL_NUMBER="$(uuidgen | dd conv=ucase 2>/dev/null | sed 's@-@@g;s@^@ibase=16; @' | bc -lq)"
 export SITE_CSR_FILE SITE_SERIAL_NUMBER CA_CERT_FILE CA_KEY_FILE CA_PASSWORD
@@ -182,11 +188,17 @@
 SITE_SUBJECT="$(echo "${SITE_CERT}" | openssl x509 -subject -noout | sed 's@.*= @@')"
 echo "${USER}@${HOSTNAME} $(date): ${SITE_SERIAL_NUMBER} ${SITE_SUBJECT}" >> "${CA_KEY_FILE}.issued"
- echo "${SITE_CERT}"
+ echo "${SITE_CERT}" | (
+ if [ -z "${SITE_HOSTNAME}" ]; then
+ cat
+ else
+ tee "AppFS_Site_${SITE_HOSTNAME}.crt"
+ fi
+ )
 }
 function generate_selfsigned() {
 read_password 'Password for Key: ' SITE_PASSWORD
 read_text 'Site hostname: ' SITE_HOSTNAME
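Review bot: The encryption test added in the `[ -f "${SITE_KEY_FILE}" ]` branch (@@ -108) recognises only the traditional PEM header `Proc-Type: 4,ENCRYPTED`. A PKCS#8 key beginning `-----BEGIN ENCRYPTED PRIVATE KEY-----` has no such header, so it would be treated as unencrypted and `SITE_PASSWORD=""` exported, with the failure presumably surfacing only later in the Tcl key parser. The same `cat … | grep` test is repeated in the CA-key hunk (@@ -154) and the site-index hunk (@@ -228); one helper, e.g. `key_is_encrypted() { grep -Eqi '^Proc-Type: .*,ENCRYPTED|^-----BEGIN ENCRYPTED PRIVATE KEY-----' -- "$1"; }`, would keep the three call sites consistent and drop the extra `cat`. The `else` arm also accepts a signing key stored unprotected on disk without saying so; a one-line notice on stderr there would make that visible to the operator.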
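Review bot: The CA-key test (@@ -154) has no `else` arm, unlike the two site-key hunks, so when `${CA_KEY_FILE}` is unencrypted `CA_PASSWORD` keeps whatever value it already had, for example one inherited from the caller's environment, and that value is then exported by the `export … CA_PASSWORD` line below. Adding `else` and `CA_PASSWORD=""` before the `fi` makes the exported value always the one decided in this run. The CA signing key is the most sensitive file this script handles, so a stderr warning when it is found unencrypted would be a reasonable addition in that arm. The enclosing function starts and ends outside the hunk.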
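Review bot: `SITE_HOSTNAME` is interpolated into the `tee` target (@@ -182) without validation, so a value containing `/` or `..` would place the certificate outside the current directory, and an existing `AppFS_Site_<host>.crt` is overwritten without notice. Where the variable is assigned for this function is outside the hunk, so a check at the point of use is the safe place, for example `case "${SITE_HOSTNAME}" in ''|*[!A-Za-z0-9.-]*) cat ;; *) tee "AppFS_Site_${SITE_HOSTNAME}.crt" ;; esac`, ideally with a stderr message when a non-empty name is rejected. The function body begins outside the hunk.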
@@ -228,11 +240,16 @@
 SITE_CERT_FILE="$3"
 read_text 'AppFS Site Index file: ' SITE_INDEX_FILE
 read_text 'Site Key filename: ' SITE_KEY_FILE
 read_text 'Site Certificate filename: ' SITE_CERT_FILE
- read_password "Password for Key (${SITE_KEY_FILE}): " SITE_PASSWORD
+
+ if cat "${SITE_KEY_FILE}" | grep -i '^Proc-Type: .*,ENCRYPTED' >/dev/null; then
+ read_password "Password for Key (${SITE_KEY_FILE}): " SITE_PASSWORD
+ else
+ SITE_PASSWORD=""
+ fi
 export SITE_INDEX_FILE SITE_KEY_FILE SITE_CERT_FILE SITE_PASSWORD
 call_appfsd --tcl "$(cat <<\_EOF_
 package require pki
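Review bot: `SITE_KEY_FILE` is not checked for existence or readability before the new encryption test, and unlike the @@ -108 hunk there is no `[ -f … ]` guard around it here. A mistyped or unreadable path makes `cat` fail, `grep` sees no input, and the `else` arm sets an empty password as if the key were unencrypted; the real error then presumably appears only inside the Tcl block. A guard before the `if`, such as `[ -r "${SITE_KEY_FILE}" ] || { echo "Cannot read key file: ${SITE_KEY_FILE}" >&2; return 1; }` (or `exit 1`, whichever the script uses elsewhere), would fail early with a clear message. The enclosing function starts and ends outside the hunk.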