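#!/bin/sh
#
# /usr/local/sbin/localmkmailcerts
# Copyright 2001-2002 Jonas Smedegaard
#
# $Id: localmksslcerts,v 1.1 2002-03-29 01:04:11 jonas Exp $
#
# Generate certificates for mail servers
# Based on uw-imapd-ssl post-install script
#
# For every daemon named on the command line this writes
# /etc/ssl/certs/<daemon>.pem and a <subject-hash>.0 symlink next to it.
#
# Security notes:
#  * Each <daemon>.pem holds the self-signed certificate AND its private key,
#    and the key is unencrypted (openssl req -nodes). The file is therefore
#    created under a restrictive umask so it is never world-readable, not even
#    between creation and the final chmod.
#  * Key size and digest are not set here; openssl takes them from its
#    configuration defaults. Review those defaults on old installations.
#

prg=$(basename "$0")
copyright="(C) 2001-2002 Jonas Smedegaard "

# Print the help text and terminate with status 1.
usage() {
  echo "$prg, $copyright

Usage: $prg --fqdn <fqdn> [--issuer <issuer>] --daemon <daemon> [...] [--force]
  or:  $prg -h <fqdn> -d <daemon> [-i <issuer>] [-d <daemon> ...] [-f]
  or:  $prg <fqdn> <daemon> [...] [-f]

Options:
  -h, --fqdn    Fully Qualified Domain Name for this host.
  -d, --daemon  Daemon(s) in need for a certificate
                (separate certificate is generated for each daemon)
  -i, --issuer  Email address of the person responsible for the certificate
  -f, --force   Force overwriting existing certificate

If issuer is not given, \"postmaster@<domain>\" is used."
  exit 1
}

# Set some defaults
CWD=$(pwd)
PATH=$PATH:/usr/bin/ssl
COUNTRY='.'
STATE='.'
LOCALITY='.'
DAYS2EXPIRE=365

fqdn=''
daemons=''
issuer=''
force=''
args=''

while [ $# -gt 0 ]; do
  case $1 in
    --fqdn|-h)
      [ $# -ge 2 ] || usage
      fqdn=$2
      shift
      ;;
    --daemon|-d)
      [ $# -ge 2 ] || usage
      daemons="$daemons$2 "
      shift
      ;;
    --issuer|-i)
      [ $# -ge 2 ] || usage
      issuer=$2
      # Consume the value too; otherwise the address is picked up as a
      # positional argument and later treated as a daemon name.
      shift
      ;;
    --force|-f)
      force=1
      ;;
    -*)
      usage
      ;;
    *)
      args="$args$1 "
      ;;
  esac
  shift
done

# $args and $daemons are space-joined lists, so the splitting below is
# intentional; globbing is switched off so a stray '*' is not expanded.
set -f
# shellcheck disable=SC2086
set -- $args

if [ -z "$issuer" ]; then
  DOMAINNAME=$(hostname -d)
  issuer="postmaster@$DOMAINNAME"
fi

if [ -z "$fqdn" ]; then
  if [ $# -lt 1 ]; then
    echo "Too few parameters!"
    usage
  fi
  fqdn=$1
  shift
fi

# Use the remaining positionals ("$@"), not $args again: $args may still
# contain the word that was just consumed as the fqdn.
# shellcheck disable=SC2086
set -- $daemons "$@"
set +f

if [ $# -lt 1 ]; then
  echo "Too few parameters!"
  usage
fi

cd /etc/ssl/certs || {
  echo "$prg: cannot change to /etc/ssl/certs" >&2
  exit 1
}

# The .pem files contain private keys: create them owner-only from the start.
umask 077

for daemon in "$@"; do
  # The name becomes a file name inside /etc/ssl/certs; refuse anything that
  # could leave that directory or be read as an option by openssl/rm.
  case $daemon in
    ''|-*|*/*)
      echo "$prg: invalid daemon name: $daemon" >&2
      exit 1
      ;;
  esac

  if [ -f "$daemon.pem" ]; then
    # Quoted on purpose: an unquoted empty $force makes `[ -n ]` true, which
    # would delete existing certificates even without --force.
    if [ -n "$force" ]; then
      oldhash=$(openssl x509 -noout -hash < "$daemon.pem" 2>/dev/null)
      if [ -n "$oldhash" ]; then
        rm -f -- "$oldhash.0"
      fi
      rm -f -- "$daemon.pem"
    else
      echo "You already have /etc/ssl/certs/$daemon.pem - exiting...!"
      exit 1
    fi
  fi

  printf 'Generating %s certificate...' "$daemon"
  # The answers below are fed to openssl's interactive prompts in order:
  # country, state, locality, organization, organizational unit, common name,
  # e-mail address. NOTE(review): this relies on the prompt order of the
  # local openssl configuration - confirm on the target system.
  if ! openssl req -new -x509 -nodes \
    -out "$daemon.pem" -keyout "$daemon.pem" \
    -days "$DAYS2EXPIRE" > /dev/null 2>&1 <<EOF
$COUNTRY
$STATE
$LOCALITY
$fqdn
$fqdn
$fqdn
$issuer
EOF
  then
    echo "failed!"
    # Do not leave a partial key file behind.
    rm -f -- "$daemon.pem"
    exit 1
  fi

  # NOTE(review): every daemon gets the same subject fields, so presumably
  # all certificates share one subject hash and <hash>.0 ends up pointing at
  # the most recently generated file - confirm that is intended.
  newhash=$(openssl x509 -noout -hash < "$daemon.pem") || exit 1
  ln -sf "$daemon.pem" "$newhash.0"
  echo "Done!"

  chown root:root "/etc/ssl/certs/$daemon.pem"
  # 0640 as before: readable by owner and group root only.
  chmod 0640 "/etc/ssl/certs/$daemon.pem"
done

cd "$CWD"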