-rwxr-xr-xlocalmkmailcerts47
-rwxr-xr-xlocalmksslcerts104
2 files changed, 104 insertions, 47 deletions
diff --git a/localmkmailcerts b/localmkmailcerts
deleted file mode 100755
index 7b5e3b4..0000000
--- a/localmkmailcerts
+++ /dev/null
@@ -1,47 +0,0 @@
-#!/bin/sh
-#
-# /usr/local/sbin/localmkmailcerts
-# Copyright 2001-2002 Jonas Smedegaard <dr@jones.dk>
-#
-# $Id: localmkmailcerts,v 1.1 2002-03-07 16:22:51 jonas Exp $
-#
-# Generate certificates for mail servers
-# Based on uw-imapd-ssl post-install script
-#
-
-CWD=`pwd`
-PATH=$PATH:/usr/bin/ssl
-COUNTRY='.'
-STATE='.'
-LOCALITY='.'
-DOMAINNAME=`hostname -d`
-#HOSTNAME=`hostname -s`
-HOSTNAME="mail.$DOMAINNAME"
-ISSUER="postmaster@$DOMAINNAME"
-DAYS2EXPIRE=365
-DAEMONS="imapd ipop3d"
-
-cd /etc/ssl/certs
-for DAEMON in $DAEMONS; do
- if [ -f $DAEMON.pem ]; then
- echo "You already have /etc/ssl/certs/$DAEMON.pem - ignoring certificate generation"
- else
- echo -n "Generating $DAEMON certificate..."
- openssl req -new -x509 -nodes -out $DAEMON.pem -keyout $DAEMON.pem -days $DAYS2EXPIRE > /dev/null 2>&1 <<+
-$COUNTRY
-$STATE
-$LOCALITY
-$HOSTNAME
-$HOSTNAME
-$HOSTNAME
-$ISSUER
-+
- ln -sf $DAEMON.pem `openssl x509 -noout -hash < $DAEMON.pem`.0
- echo "Done!"
- fi
-
- chown root.root /etc/ssl/certs/$DAEMON.pem
- chmod 0640 /etc/ssl/certs/$DAEMON.pem
-done
-
-cd $CWD
diff --git a/localmksslcerts b/localmksslcerts
new file mode 100755
index 0000000..36bcf9c
--- /dev/null
+++ b/localmksslcerts
@@ -0,0 +1,104 @@
+#!/bin/sh
+#
+# /usr/local/sbin/localmkmailcerts
+# Copyright 2001-2002 Jonas Smedegaard <dr@jones.dk>
+#
+# $Id: localmksslcerts,v 1.1 2002-03-29 01:04:11 jonas Exp $
+#
+# Generate certificates for mail servers
+# Based on uw-imapd-ssl post-install script
+#
+
+prg=$(basename $0)
+copyright="(C) 2001-2002 Jonas Smedegaard <dr@jones.dk>"
+
+usage() {
+echo "$prg, $copyright
+
+Usage: $prg --fqdn <FQDN> [--issuer <issuer>] --daemon <daemon> [...] [--force]
+ or: $prg -f <FQDN> -d [-i <issuer>] <daemon> [-d <daemon>...] [-f]
+ or: $prg <FQDN> <daemon> [<daemon>...] [-f]
+
+Options:
+ -h, --fqdn Fully Qualified Domain Name for this host.
+ -d, --daemon Daemon(s) in need for a certificate
+ (separate certificate is generated for each daemon)
+ -i, --issuer Email address of the person responsible for the certificate
+ -f, --force Force overwriting existing certificate
+
+If issuer is not given, \"postmaster@<localdomain>\" is used."
+exit 1
+}
+
+# Set some defaults
+CWD=`pwd`
+PATH=$PATH:/usr/bin/ssl
+COUNTRY='.'
+STATE='.'
+LOCALITY='.'
+DAYS2EXPIRE=365
+
+fqdn=''
+daemons=''
+issuer=''
+force=''
+args=''
+while [ $# -gt 0 ]; do
+ case $1 in
+ --fqdn|-h) fqdn="$2"; shift;;
+ --daemon|-d) daemons="$daemons$2 "; shift;;
+ --issuer|-i) issuer="$2";;
+ --force|-f) force=1;;
+ -*) usage;;
+ *) args="$args$1 ";;
+ esac
+ shift
+done
+set -- $args
+
+if [ -z $issuer ]; then
+ DOMAINNAME=`hostname -d`
+ ISSUER="postmaster@$DOMAINNAME"
+fi
+
+if [ -z $fqdn ]; then
+ fqdn=$1
+ shift
+fi
+set -- $daemons $args
+
+if [ $# -lt 1 ]; then
+ echo "Too few parameters!"
+ usage
+fi
+
+cd /etc/ssl/certs
+for daemon in $@; do
+ if [ -f $daemon.pem ]; then
+ if [ -n $force ]; then
+ rm -f `openssl x509 -noout -hash < $daemon.pem`.0
+ rm -f $daemon.pem
+ else
+ echo "You already have /etc/ssl/certs/$daemon.pem - exiting...!"
+ exit 1
+ fi
+ else
+ echo -n "Generating $daemon certificate..."
+ openssl req -new -x509 -nodes -out $daemon.pem -keyout $daemon.pem -days $DAYS2EXPIRE > /dev/null 2>&1 <<+
+$COUNTRY
+$STATE
+$LOCALITY
+$fqdn
+$fqdn
+$fqdn
+$issuer
++
+ ln -sf $daemon.pem `openssl x509 -noout -hash < $daemon.pem`.0
+ echo "Done!"
+ fi
+
+ chown root.root /etc/ssl/certs/$daemon.pem
+ chmod 0640 /etc/ssl/certs/$daemon.pem
+done
+
+cd $CWD
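Review bot: The unquoted test `[ -n $force ]` in the certificate loop is true even when `force` is empty, so an existing `$daemon.pem` and its hash link are removed without `--force`; and because generation sits in the `else` of the `-f` check, the removed certificate is not recreated in that run. Quoting the test and moving generation after the overwrite check fixes both. The default-issuer branch assigns `ISSUER` while the heredoc reads `$issuer`, and the `--issuer|-i` case lacks the `shift` that `--fqdn` and `--daemon` have, so the address is also collected as a positional argument. The private key is written unencrypted (`-nodes`) into the same `.pem` and is only restricted by `chmod 0640` afterwards; setting `umask 077` before `openssl req` removes the dependence on the caller's umask during that window, which may matter depending on the OpenSSL version in use.

```shell
# … unchanged: usage(), defaults, other option cases …
		--issuer|-i)	issuer="$2"; shift;;
# … unchanged: rest of option loop …
if [ -z "$issuer" ]; then
	issuer="postmaster@$(hostname -d)"
fi
# … unchanged: fqdn fallback, parameter count check, cd /etc/ssl/certs …
umask 077
for daemon in "$@"; do
	if [ -f "$daemon.pem" ]; then
		if [ -z "$force" ]; then
			echo "You already have /etc/ssl/certs/$daemon.pem - exiting...!"
			exit 1
		fi
		rm -f "$(openssl x509 -noout -hash < "$daemon.pem").0" "$daemon.pem"
	fi
	# … unchanged, now outside the else: openssl req heredoc, hash symlink, chown/chmod …
done
```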