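#!/bin/sh
#
# Create a self-signed X.509 certificate and RSA private key for Exim.
#
# Usage: exim-gencert [--force]
#   --force   regenerate even if /etc/exim4/exim.crt and exim.key already exist
#
# Environment:
#   EX4DEBUG  when non-empty, print the invocation and trace with `set -x`
#
# `set -e` lives here rather than on the shebang line so it also takes
# effect when the script is invoked as `sh exim-gencert`.
set -e

if [ -n "$EX4DEBUG" ]; then
  echo "now debugging $0 $*"
  set -x
fi

DIR=/etc/exim4
CERT=$DIR/exim.crt
KEY=$DIR/exim.key

# This exim binary was built with GnuTLS which does not support dhparams
# from a file. See /usr/share/doc/exim4-base/README.Debian.gz
#DH=$DIR/exim.dhparam

# `command -v` is the POSIX way to test for a program; `which` is not
# guaranteed to exist or to return a useful status.
if ! command -v openssl > /dev/null; then
  echo "$0: openssl is not installed, exiting" 1>&2
  exit 1
fi

# valid for three years
DAYS=1095

if [ "$1" != "--force" ] && [ -f "$CERT" ] && [ -f "$KEY" ]; then
  echo "[*] $CERT and $KEY exists!"
  echo " Use \"$0 --force\" to force generation!"
  exit 0
fi

if [ "$1" = "--force" ]; then
  shift
fi

# Temporary OpenSSL request config. mktemp creates it mode 0600 under
# $TMPDIR (or /tmp); tempfile(1) did the same but is deprecated.
#SSLEAY=/tmp/exim.ssleay.$$.cnf
SSLEAY="$(mktemp)"
# Remove the config on every exit path -- an openssl failure under `set -e`,
# a signal, or normal completion -- not only after a successful run.
trap 'rm -f -- "$SSLEAY"' EXIT
trap 'exit 1' HUP INT TERM

cat > "$SSLEAY" <<EOM
RANDFILE = $HOME/.rnd
[ req ]
default_bits = 2048
default_keyfile = exim.key
distinguished_name = req_distinguished_name
[ req_distinguished_name ]
countryName = Country Code (2 letters)
countryName_default = US
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
localityName = Locality Name (eg, city)
organizationName = Organization Name (eg, company; recommended)
organizationName_max = 64
organizationalUnitName = Organizational Unit Name (eg, section)
organizationalUnitName_max = 64
commonName = Server name (eg. ssl.domain.tld; required!!!)
commonName_max = 64
emailAddress = Email Address
emailAddress_max = 40
EOM

echo "[*] Creating a self signed SSL certificate for Exim!"
echo " This may be sufficient to establish encrypted connections but for"
echo " secure identification you need to buy a real certificate!"
echo " "
echo " Please enter the hostname of your MTA at the Common Name (CN) prompt!"
echo " "

# Create the key and certificate with no group/world bits from the outset,
# so the private key is never readable by others in the window between
# openssl writing it and the chmod below; chmod 640 then opens both files
# to the Debian-exim group as before.
umask 077
openssl req -config "$SSLEAY" -x509 -newkey rsa:2048 -keyout "$KEY" -out "$CERT" -days "$DAYS" -nodes
#see README.Debian.gz*# openssl dhparam -check -text -5 512 -out $DH
rm -f -- "$SSLEAY"

# $DH is intentionally unset (see the GnuTLS note above), so only the key
# and the certificate are re-owned and re-moded here.
chown root:Debian-exim "$KEY" "$CERT"
chmod 640 "$KEY" "$CERT"

echo "[*] Done generating self signed certificates for exim!"
echo " Refer to the documentation and example configuration files"
echo " over at /usr/share/doc/exim4-base/ for an idea on how to enable TLS"
echo " support in your mail transfer agent."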