[hcoop/debian/exim4.git] / debian / exim-gencert

#!/bin/sh -e

if [ -n "$EX4DEBUG" ]; then
  echo "now debugging $0 $@"
  set -x
fi

DIR=/etc/exim4
CERT=$DIR/exim.crt
KEY=$DIR/exim.key

# This exim binary was built with GnuTLS which does not support dhparams
# from a file. See /usr/share/doc/exim4-base/README.Debian.gz
#DH=$DIR/exim.dhparam

if ! which openssl > /dev/null ;then
	echo "$0: openssl is not installed, exiting" 1>&2
	exit 1
fi

# valid for three years
DAYS=1095

if [ "$1" != "--force" ] && [ -f $CERT ] && [ -f $KEY ]; then
  echo "[*] $CERT and $KEY exists!"
  echo "    Use \"$0 --force\" to force generation!"
  exit 0
fi

if [ "$1" = "--force" ]; then
  shift
fi     

#SSLEAY=/tmp/exim.ssleay.$$.cnf
SSLEAY="$(tempfile -m600 -pexi)"

cat > $SSLEAY <<EOM
RANDFILE = $HOME/.rnd
[ req ]
default_bits = 2048
default_keyfile = exim.key
distinguished_name = req_distinguished_name
[ req_distinguished_name ]
countryName = Country Code (2 letters)
countryName_default = US
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
localityName = Locality Name (eg, city)
organizationName = Organization Name (eg, company; recommended)
organizationName_max = 64
organizationalUnitName = Organizational Unit Name (eg, section)
organizationalUnitName_max = 64
commonName = Server name (eg. ssl.domain.tld; required!!!)
commonName_max = 64
emailAddress = Email Address
emailAddress_max = 40
EOM

echo "[*] Creating a self signed SSL certificate for Exim!"
echo "    This may be sufficient to establish encrypted connections but for"
echo "    secure identification you need to buy a real certificate!"
echo "    "
echo "    Please enter the hostname of your MTA at the Common Name (CN) prompt!"
echo "    "

openssl req -config $SSLEAY -x509 -newkey rsa:2048 -keyout $KEY -out $CERT -days $DAYS -nodes
#see README.Debian.gz*# openssl dhparam -check -text -5 512 -out $DH
rm -f $SSLEAY

chown root:Debian-exim $KEY $CERT $DH
chmod 640 $KEY $CERT $DH

echo "[*] Done generating self signed certificates for exim!"
echo "    Refer to the documentation and example configuration files"
echo "    over at /usr/share/doc/exim4-base/ for an idea on how to enable TLS"
echo "    support in your mail transfer agent."
Commit	Line	Data
de45f55a AM	1	#!/bin/sh -e
	2
	3	if [ -n "$EX4DEBUG" ]; then
	4	echo "now debugging $0 $@"
	5	set -x
	6	fi
	7
	8	DIR=/etc/exim4
	9	CERT=$DIR/exim.crt
	10	KEY=$DIR/exim.key
	11
	12	# This exim binary was built with GnuTLS which does not support dhparams
	13	# from a file. See /usr/share/doc/exim4-base/README.Debian.gz
	14	#DH=$DIR/exim.dhparam
	15
	16	if ! which openssl > /dev/null ;then
	17	echo "$0: openssl is not installed, exiting" 1>&2
	18	exit 1
	19	fi
	20
	21	# valid for three years
	22	DAYS=1095
	23
	24	if [ "$1" != "--force" ] && [ -f $CERT ] && [ -f $KEY ]; then
	25	echo "[*] $CERT and $KEY exists!"
	26	echo " Use \"$0 --force\" to force generation!"
	27	exit 0
	28	fi
	29
	30	if [ "$1" = "--force" ]; then
	31	shift
	32	fi
	33
	34	#SSLEAY=/tmp/exim.ssleay.$$.cnf
	35	SSLEAY="$(tempfile -m600 -pexi)"
	36
	37	cat > $SSLEAY <<EOM
	38	RANDFILE = $HOME/.rnd
	39	[ req ]
	40	default_bits = 2048
	41	default_keyfile = exim.key
	42	distinguished_name = req_distinguished_name
	43	[ req_distinguished_name ]
	44	countryName = Country Code (2 letters)
	45	countryName_default = US
	46	countryName_min = 2
	47	countryName_max = 2
	48	stateOrProvinceName = State or Province Name (full name)
	49	localityName = Locality Name (eg, city)
	50	organizationName = Organization Name (eg, company; recommended)
	51	organizationName_max = 64
	52	organizationalUnitName = Organizational Unit Name (eg, section)
	53	organizationalUnitName_max = 64
	54	commonName = Server name (eg. ssl.domain.tld; required!!!)
	55	commonName_max = 64
	56	emailAddress = Email Address
	57	emailAddress_max = 40
	58	EOM
	59
	60	echo "[*] Creating a self signed SSL certificate for Exim!"
	61	echo " This may be sufficient to establish encrypted connections but for"
	62	echo " secure identification you need to buy a real certificate!"
	63	echo " "
	64	echo " Please enter the hostname of your MTA at the Common Name (CN) prompt!"
65	echo " "
66
67	openssl req -config $SSLEAY -x509 -newkey rsa:2048 -keyout $KEY -out $CERT -days $DAYS -nodes
68	#see README.Debian.gz*# openssl dhparam -check -text -5 512 -out $DH
69	rm -f $SSLEAY
70
71	chown root:Debian-exim $KEY $CERT $DH
72	chmod 640 $KEY $CERT $DH
73
74	echo "[*] Done generating self signed certificates for exim!"
75	echo " Refer to the documentation and example configuration files"
76	echo " over at /usr/share/doc/exim4-base/ for an idea on how to enable TLS"
77	echo " support in your mail transfer agent."
78