blob: 894e9da02e59249e148ee568ec0dfd7e0d0ad405 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
|
#!/bin/sh -e
if [ -n "$EX4DEBUG" ]; then
echo "now debugging $0 $@"
set -x
fi
DIR=/etc/exim4
CERT=$DIR/exim.crt
KEY=$DIR/exim.key
# This exim binary was built with GnuTLS which does not support dhparams
# from a file. See /usr/share/doc/exim4-base/README.Debian.gz
#DH=$DIR/exim.dhparam
if ! which openssl > /dev/null ;then
echo "$0: openssl is not installed, exiting" 1>&2
exit 1
fi
# valid for three years
DAYS=1095
if [ "$1" != "--force" ] && [ -f $CERT ] && [ -f $KEY ]; then
echo "[*] $CERT and $KEY exists!"
echo " Use \"$0 --force\" to force generation!"
exit 0
fi
if [ "$1" = "--force" ]; then
shift
fi
#SSLEAY=/tmp/exim.ssleay.$$.cnf
SSLEAY="$(tempfile -m600 -pexi)"
cat > $SSLEAY <<EOM
RANDFILE = $HOME/.rnd
[ req ]
default_bits = 2048
default_keyfile = exim.key
distinguished_name = req_distinguished_name
[ req_distinguished_name ]
countryName = Country Code (2 letters)
countryName_default = US
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
localityName = Locality Name (eg, city)
organizationName = Organization Name (eg, company; recommended)
organizationName_max = 64
organizationalUnitName = Organizational Unit Name (eg, section)
organizationalUnitName_max = 64
commonName = Server name (eg. ssl.domain.tld; required!!!)
commonName_max = 64
emailAddress = Email Address
emailAddress_max = 40
EOM
echo "[*] Creating a self signed SSL certificate for Exim!"
echo " This may be sufficient to establish encrypted connections but for"
echo " secure identification you need to buy a real certificate!"
echo " "
echo " Please enter the hostname of your MTA at the Common Name (CN) prompt!"
echo " "
openssl req -config $SSLEAY -x509 -newkey rsa:2048 -keyout $KEY -out $CERT -days $DAYS -nodes
#see README.Debian.gz*# openssl dhparam -check -text -5 512 -out $DH
rm -f $SSLEAY
chown root:Debian-exim $KEY $CERT $DH
chmod 640 $KEY $CERT $DH
echo "[*] Done generating self signed certificates for exim!"
echo " Refer to the documentation and example configuration files"
echo " over at /usr/share/doc/exim4-base/ for an idea on how to enable TLS"
echo " support in your mail transfer agent."
|