#!/bin/sh
#
# /usr/local/sbin/localmkmailcerts
# Copyright 2001-2002 Jonas Smedegaard <dr@jones.dk>
#
# $Id: localmkmailcerts,v 1.1 2002-03-07 16:22:51 jonas Exp $
#
# Generate certificates for mail servers
# Based on uw-imapd-ssl post-install script
#

CWD=`pwd`
PATH=$PATH:/usr/bin/ssl
COUNTRY='.'
STATE='.'
LOCALITY='.'
DOMAINNAME=`hostname -d`
#HOSTNAME=`hostname -s`
HOSTNAME="mail.$DOMAINNAME"
ISSUER="postmaster@$DOMAINNAME"
DAYS2EXPIRE=365
DAEMONS="imapd ipop3d"

cd /etc/ssl/certs
for DAEMON in $DAEMONS; do
	if [ -f $DAEMON.pem ]; then
		echo "You already have /etc/ssl/certs/$DAEMON.pem - ignoring certificate generation"
	else
		echo -n "Generating $DAEMON certificate..."
		openssl req -new -x509 -nodes -out $DAEMON.pem -keyout $DAEMON.pem -days $DAYS2EXPIRE > /dev/null 2>&1 <<+
$COUNTRY
$STATE
$LOCALITY
$HOSTNAME
$HOSTNAME
$HOSTNAME
$ISSUER
+
		ln -sf $DAEMON.pem `openssl x509 -noout -hash < $DAEMON.pem`.0
		echo "Done!"
	fi

	chown root.root /etc/ssl/certs/$DAEMON.pem
	chmod 0640 /etc/ssl/certs/$DAEMON.pem
done

cd $CWD