3 if [ -n "$EX4DEBUG" ]; then
4 echo "now debugging $0 $@"
12 # This exim binary was built with GnuTLS which does not support dhparams
13 # from a file. See /usr/share/doc/exim4-base/README.Debian.gz
16 if ! which openssl
> /dev
/null
;then
17 echo "$0: openssl is not installed, exiting" 1>&2
21 # valid for three years
24 if [ "$1" != "--force" ] && [ -f $CERT ] && [ -f $KEY ]; then
25 echo "[*] $CERT and $KEY exists!"
26 echo " Use \"$0 --force\" to force generation!"
30 if [ "$1" = "--force" ]; then
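# Scratch file for the OpenSSL request configuration.
# The PID-based name below stays disabled: a predictable path in /tmp can be
# pre-created or symlinked by another local user before this script writes it.
#SSLEAY=/tmp/exim.ssleay.$$.cnf
# mktemp creates the file atomically, with an unpredictable suffix and mode
# 0600. It replaces tempfile(1), which debianutils deprecated in favour of
# mktemp(1). The "exi" name prefix is kept from the original call.
SSLEAY="$(mktemp "${TMPDIR:-/tmp}/exiXXXXXX")" || {
  echo "$0: cannot create temporary file, exiting" 1>&2
  exit 1
}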
41 default_keyfile = exim.key
42 distinguished_name = req_distinguished_name
43 [ req_distinguished_name ]
44 countryName = Country Code (2 letters)
45 countryName_default = US
48 stateOrProvinceName = State or Province Name (full name)
49 localityName = Locality Name (eg, city)
50 organizationName = Organization Name (eg, company; recommended)
51 organizationName_max = 64
52 organizationalUnitName = Organizational Unit Name (eg, section)
53 organizationalUnitName_max = 64
54 commonName = Server name (eg. ssl.domain.tld; required!!!)
56 emailAddress = Email Address
# Operator notice printed before the interactive openssl prompts.
# A self-signed certificate gives transport encryption only: peers cannot
# verify the server's identity unless they explicitly trust or pin it.
printf '%s\n' \
  "[*] Creating a self signed SSL certificate for Exim!" \
  " This may be sufficient to establish encrypted connections but for" \
  " secure identification you need to buy a real certificate!" \
  " Please enter the hostname of your MTA at the Common Name (CN) prompt!"
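# Generate the private key and the self-signed certificate in one step.
#   -config "$SSLEAY"  request template written to the scratch file
#   -x509 -days        emit a self-signed certificate valid for $DAYS days
#   -newkey rsa:2048   create a fresh 2048-bit RSA key
#   -nodes             store the key unencrypted (no passphrase), presumably
#                      so the daemon can load it unattended
# Ownership and mode are only tightened by the chown/chmod that follow, so
# openssl runs under a restrictive umask in a subshell: the unencrypted key is
# never group- or world-readable in the window before those commands run.
# All expansions are quoted so paths with spaces or glob characters are safe.
(
  umask 077
  openssl req -config "$SSLEAY" -x509 -newkey rsa:2048 \
    -keyout "$KEY" -out "$CERT" -days "$DAYS" -nodes
)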
68 #see README.Debian.gz*# openssl dhparam -check -text -5 512 -out $DH
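# Restrict the generated key material: owner root, group Debian-exim
# (presumably the group the exim daemon runs as), mode 640 so that only root
# can write, only the group can read, and other users get no access.
# $DH is passed only when it is set and non-empty. The dhparam generation in
# this script is commented out, and a quoted empty "$DH" would make
# chown/chmod fail on an empty file name.
chown root:Debian-exim -- "$KEY" "$CERT" ${DH:+"$DH"}
chmod 640 -- "$KEY" "$CERT" ${DH:+"$DH"}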
# Closing notice: generating the files does not enable TLS by itself; the MTA
# configuration still has to reference the new certificate and key.
printf '%s\n' \
  "[*] Done generating self signed certificates for exim!" \
  " Refer to the documentation and example configuration files" \
  " over at /usr/share/doc/exim4-base/ for an idea on how to enable TLS" \
  " support in your mail transfer agent."