Import Debian changes 4.92-8+deb10u3
[hcoop/debian/exim4.git] / debian / exim-gencert
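#!/bin/sh -e
#
# Generate a self-signed X.509 certificate and a matching RSA private key
# for Exim and install them under /etc/exim4.
#
# Usage:  exim-gencert [--force]
#   --force   regenerate even if both the certificate and the key exist
#
# Environment:
#   EX4DEBUG  if non-empty, trace every command (set -x)
#   HOME      used for the RANDFILE path in the generated openssl config
#
# Intended to run as root: it writes below /etc/exim4 and changes the group
# of the results to Debian-exim.

# Repeat -e here: the option on the shebang line is lost when the script is
# started as "sh exim-gencert".
set -e

if [ -n "$EX4DEBUG" ]; then
  echo "now debugging $0 $*"
  set -x
fi

DIR=/etc/exim4
CERT=$DIR/exim.crt
KEY=$DIR/exim.key

# This exim binary was built with GnuTLS which does not support dhparams
# from a file. See /usr/share/doc/exim4-base/README.Debian.gz
#DH=$DIR/exim.dhparam

# command -v is the POSIX way to probe for a program; which is an external
# tool whose exit status is not standardised.
if ! command -v openssl > /dev/null; then
  echo "$0: openssl is not installed, exiting" 1>&2
  exit 1
fi

# valid for three years
DAYS=1095

# Without --force, never overwrite an existing certificate/key pair.
if [ "$1" != "--force" ] && [ -f "$CERT" ] && [ -f "$KEY" ]; then
  echo "[*] $CERT and $KEY exists!"
  echo " Use \"$0 --force\" to force generation!"
  exit 0
fi

if [ "$1" = "--force" ]; then
  shift
fi

# New files (the private key in particular) must never be readable by
# anyone but the owner, not even for the moment between creation and the
# chmod further down.
umask 077

# Scratch openssl config: unpredictable name, created mode 0600 by mktemp.
# The traps remove it on every exit path, including an openssl failure
# under -e and an interrupted prompt.
SSLEAY="$(mktemp "${TMPDIR:-/tmp}/exi.XXXXXX")"
trap 'rm -f -- "$SSLEAY"' EXIT
trap 'exit 1' HUP INT TERM

# Unquoted delimiter on purpose: $HOME is expanded into the config.
cat > "$SSLEAY" <<EOM
RANDFILE = $HOME/.rnd
[ req ]
default_bits = 2048
default_keyfile = exim.key
distinguished_name = req_distinguished_name
[ req_distinguished_name ]
countryName = Country Code (2 letters)
countryName_default = US
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
localityName = Locality Name (eg, city)
organizationName = Organization Name (eg, company; recommended)
organizationName_max = 64
organizationalUnitName = Organizational Unit Name (eg, section)
organizationalUnitName_max = 64
commonName = Server name (eg. ssl.domain.tld; required!!!)
commonName_max = 64
emailAddress = Email Address
emailAddress_max = 40
EOM

echo "[*] Creating a self signed SSL certificate for Exim!"
echo " This may be sufficient to establish encrypted connections but for"
echo " secure identification you need to buy a real certificate!"
echo " "
echo " Please enter the hostname of your MTA at the Common Name (CN) prompt!"
echo " "

# -nodes stores the key unencrypted so the daemon can load it unattended;
# the ownership and mode set below are therefore its only protection.
openssl req -config "$SSLEAY" -x509 -newkey rsa:2048 \
  -keyout "$KEY" -out "$CERT" -days "$DAYS" -nodes
#see README.Debian.gz*# openssl dhparam -check -text -5 512 -out $DH
rm -f -- "$SSLEAY"

# Only the two files this script created are touched. The DH assignment is
# commented out above, so a "$DH" operand here would take its value from the
# caller's environment and chown/chmod whatever path it names.
chown root:Debian-exim "$KEY" "$CERT"
chmod 640 "$KEY" "$CERT"

echo "[*] Done generating self signed certificates for exim!"
echo " Refer to the documentation and example configuration files"
echo " over at /usr/share/doc/exim4-base/ for an idea on how to enable TLS"
echo " support in your mail transfer agent."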