summaryrefslogtreecommitdiff
path: root/localmksslcerts
blob: 2c03cb5ae533916ebf81830ec60e389e7cdd5843 (plain) 
    

  1. #!/bin/sh
    2. 

  2. #
    3. 

  3. # /usr/local/sbin/localmkmailcerts
    4. 

  4. # Copyright 2001-2002 Jonas Smedegaard <dr@jones.dk>
    5. 

  5. #
    6. 

  6. # $Id: localmksslcerts,v 1.2 2002-03-29 01:11:20 jonas Exp $
    7. 

  7. #
    8. 

  8. # Generate certificates for mail servers
    9. 

  9. # Based on uw-imapd-ssl post-install script
    10. 

  10. #
    11. 

  11. 

  12. prg=$(basename $0)
    13. 

  13. copyright="(C) 2001-2002 Jonas Smedegaard <dr@jones.dk>"
    14. 

  14. 

  15. usage() {
    16. 

  16. echo "$prg, $copyright
    17. 

  17. 

  18. Usage: $prg --fqdn <FQDN> [--issuer <issuer>] --daemon <daemon> [...] [--force]
    19. 

  19.    or: $prg -d <daemon> [-d <daemon>...] [-i <issuer>] [-f] <FQDN>
    20. 

  20.    or: $prg <FQDN> <daemon> [<daemon>...] [-f]
    21. 

  21. 

  22. Options:
    23. 

  23.   -h, --fqdn    Fully Qualified Domain Name for this host.
    24. 

  24.   -d, --daemon  Daemon(s) in need for a certificate
    25. 

  25.                 (separate certificate is generated for each daemon)
    26. 

  26.   -i, --issuer  Email address of the person responsible for the certificate
    27. 

  27.   -f, --force   Force overwriting existing certificate
    28. 

  28.   -h, --help    This help text
    29. 

  29. 

  30. If issuer is not given, \"postmaster@<localdomain>\" is used."
    31. 

  31. exit 1
    32. 

  32. }
    33. 

  33. 

  34. # Set some defaults
    35. 

  35. CWD=`pwd`
    36. 

  36. PATH=$PATH:/usr/bin/ssl
    37. 

  37. COUNTRY='.'
    38. 

  38. STATE='.'
    39. 

  39. LOCALITY='.'
    40. 

  40. DAYS2EXPIRE=365
    41. 

  41. 

  42. fqdn=''
    43. 

  43. daemons=''
    44. 

  44. issuer=''
    45. 

  45. force=''
    46. 

  46. args=''
    47. 

  47. while [ $# -gt 0 ]; do
    48. 

  48.     case $1 in
    49. 

  49.         --fqdn)     fqdn="$2"; shift;;
    50. 

  50.         --daemon|-d)    daemons="$daemons$2 "; shift;;
    51. 

  51.         --issuer|-i)    issuer="$2";;
    52. 

  52.         --force|-f) force=1;;
    53. 

  53.         -*)     usage;;
    54. 

  54.         *)      args="$args$1 ";;
    55. 

  55.     esac
    56. 

  56.     shift
    57. 

  57. done
    58. 

  58. set -- $args
    59. 

  59. 

  60. if [ -z $issuer ]; then
    61. 

  61.     DOMAINNAME=`hostname -d`
    62. 

  62.     ISSUER="postmaster@$DOMAINNAME"
    63. 

  63. fi
    64. 

  64. 

  65. if [ -z $fqdn ]; then
    66. 

  66.     fqdn=$1
    67. 

  67.     shift
    68. 

  68. fi
    69. 

  69. set -- $daemons $args
    70. 

  70. 

  71. if [ $# -lt 1 ]; then
    72. 

  72.     echo "Too few parameters!"
    73. 

  73.     usage
    74. 

  74. fi
    75. 

  75. 

  76. cd /etc/ssl/certs
    77. 

  77. for daemon in $@; do
    78. 

  78.     if [ -f $daemon.pem ]; then
    79. 

  79.         if [ -n $force ]; then
    80. 

  80.             rm -f `openssl x509 -noout -hash < $daemon.pem`.0
    81. 

  81.             rm -f $daemon.pem
    82. 

  82.         else
    83. 

  83.             echo "You already have /etc/ssl/certs/$daemon.pem - exiting...!"
    84. 

  84.             exit 1
    85. 

  85.         fi
    86. 

  86.     else
    87. 

  87.         echo -n "Generating $daemon certificate..."
    88. 

  88.         openssl req -new -x509 -nodes -out $daemon.pem -keyout $daemon.pem -days $DAYS2EXPIRE > /dev/null 2>&1 <<+
    89. 

  89. $COUNTRY
    90. 

  90. $STATE
    91. 

  91. $LOCALITY
    92. 

  92. $fqdn
    93. 

  93. $fqdn
    94. 

  94. $fqdn
    95. 

  95. $issuer
    96. 

  96. +
    97. 

  97.         ln -sf $daemon.pem `openssl x509 -noout -hash < $daemon.pem`.0
    98. 

  98.         echo "Done!"
    99. 

  99.     fi
    100. 

  100. 

  101.     chown root.root /etc/ssl/certs/$daemon.pem
    102. 

  102.     chmod 0640 /etc/ssl/certs/$daemon.pem
    103. 

  103. done
    104. 

  104. 

  105. cd $CWD
    106.
generated by cgit v1.2.3 (git 2.39.1) at 2024-05-19 04:07:55 +0000