path: root/localmksslcerts

#!/bin/sh
#
# /usr/local/sbin/localmkmailcerts
# Copyright 2001-2002 Jonas Smedegaard <dr@jones.dk>
#
# $Id: localmksslcerts,v 1.1 2002-03-29 01:04:11 jonas Exp $
#
# Generate certificates for mail servers
# Based on uw-imapd-ssl post-install script
#

prg=$(basename $0)
copyright="(C) 2001-2002 Jonas Smedegaard <dr@jones.dk>"

usage() {
echo "$prg, $copyright

Usage: $prg --fqdn <FQDN> [--issuer <issuer>] --daemon <daemon> [...] [--force]
   or: $prg -f <FQDN> -d [-i <issuer>] <daemon> [-d <daemon>...] [-f]
   or: $prg <FQDN> <daemon> [<daemon>...] [-f]

Options:
  -h, --fqdn    Fully Qualified Domain Name for this host.
  -d, --daemon  Daemon(s) in need for a certificate
                (separate certificate is generated for each daemon)
  -i, --issuer  Email address of the person responsible for the certificate
  -f, --force   Force overwriting existing certificate

If issuer is not given, \"postmaster@<localdomain>\" is used."
exit 1
}

# Set some defaults
CWD=`pwd`
PATH=$PATH:/usr/bin/ssl
COUNTRY='.'
STATE='.'
LOCALITY='.'
DAYS2EXPIRE=365

fqdn=''
daemons=''
issuer=''
force=''
args=''
while [ $# -gt 0 ]; do
    case $1 in
        --fqdn|-h)  fqdn="$2"; shift;;
        --daemon|-d)    daemons="$daemons$2 "; shift;;
        --issuer|-i)    issuer="$2";;
        --force|-f) force=1;;
        -*)     usage;;
        *)      args="$args$1 ";;
    esac
    shift
done
set -- $args

if [ -z $issuer ]; then
    DOMAINNAME=`hostname -d`
    ISSUER="postmaster@$DOMAINNAME"
fi

if [ -z $fqdn ]; then
    fqdn=$1
    shift
fi
set -- $daemons $args

if [ $# -lt 1 ]; then
    echo "Too few parameters!"
    usage
fi

cd /etc/ssl/certs
for daemon in $@; do
    if [ -f $daemon.pem ]; then
        if [ -n $force ]; then
            rm -f `openssl x509 -noout -hash < $daemon.pem`.0
            rm -f $daemon.pem
        else
            echo "You already have /etc/ssl/certs/$daemon.pem - exiting...!"
            exit 1
        fi
    else
        echo -n "Generating $daemon certificate..."
        openssl req -new -x509 -nodes -out $daemon.pem -keyout $daemon.pem -days $DAYS2EXPIRE > /dev/null 2>&1 <<+
$COUNTRY
$STATE
$LOCALITY
$fqdn
$fqdn
$fqdn
$issuer
+
        ln -sf $daemon.pem `openssl x509 -noout -hash < $daemon.pem`.0
        echo "Done!"
    fi

    chown root.root /etc/ssl/certs/$daemon.pem
    chmod 0640 /etc/ssl/certs/$daemon.pem
done

cd $CWD