Diffstat (limited to 'debian/exim-gencert')
-rwxr-xr-xdebian/exim-gencert78
1 files changed, 78 insertions, 0 deletions
diff --git a/debian/exim-gencert b/debian/exim-gencert
new file mode 100755
index 0000000..aeb4780
--- /dev/null
+++ b/debian/exim-gencert
@@ -0,0 +1,78 @@
+#!/bin/sh -e
+
+if [ -n "$EX4DEBUG" ]; then
+ echo "now debugging $0 $@"
+ set -x
+fi
+
+DIR=/etc/exim4
+CERT=$DIR/exim.crt
+KEY=$DIR/exim.key
+
+# This exim binary was built with GnuTLS which does not support dhparams
+# from a file. See /usr/share/doc/exim4-base/README.Debian.gz
+#DH=$DIR/exim.dhparam
+
+if ! command -v openssl > /dev/null ;then
+ echo "$0: openssl is not installed, exiting" 1>&2
+ exit 1
+fi
+
+# valid for three years
+DAYS=1095
+
+if [ "$1" != "--force" ] && [ -f $CERT ] && [ -f $KEY ]; then
+ echo "[*] $CERT and $KEY exists!"
+ echo " Use \"$0 --force\" to force generation!"
+ exit 0
+fi
+
+if [ "$1" = "--force" ]; then
+ shift
+fi
+
+#SSLEAY=/tmp/exim.ssleay.$$.cnf
+SSLEAY="$(mktemp)"
+
+cat > $SSLEAY <<EOM
+RANDFILE = $HOME/.rnd
+[ req ]
+default_bits = 2048
+default_keyfile = exim.key
+distinguished_name = req_distinguished_name
+[ req_distinguished_name ]
+countryName = Country Code (2 letters)
+countryName_default = US
+countryName_min = 2
+countryName_max = 2
+stateOrProvinceName = State or Province Name (full name)
+localityName = Locality Name (eg, city)
+organizationName = Organization Name (eg, company; recommended)
+organizationName_max = 64
+organizationalUnitName = Organizational Unit Name (eg, section)
+organizationalUnitName_max = 64
+commonName = Server name (eg. ssl.domain.tld; required!!!)
+commonName_max = 64
+emailAddress = Email Address
+emailAddress_max = 40
+EOM
+
+echo "[*] Creating a self signed SSL certificate for Exim!"
+echo " This may be sufficient to establish encrypted connections but for"
+echo " secure identification you need to buy a real certificate!"
+echo " "
+echo " Please enter the hostname of your MTA at the Common Name (CN) prompt!"
+echo " "
+
+openssl req -config $SSLEAY -x509 -newkey rsa:2048 -keyout $KEY -out $CERT -days $DAYS -nodes
+#see README.Debian.gz*# openssl dhparam -check -text -5 512 -out $DH
+rm -f $SSLEAY
+
+chown root:Debian-exim $KEY $CERT $DH
+chmod 640 $KEY $CERT $DH
+
+echo "[*] Done generating self signed certificates for exim!"
+echo " Refer to the documentation and example configuration files"
+echo " over at /usr/share/doc/exim4-base/ for an idea on how to enable TLS"
+echo " support in your mail transfer agent."
+
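Review bot: The unencrypted private key (`-nodes`) is written to `$KEY` by the `openssl req` line before the `chown`/`chmod 640` lines run, so until then its mode depends on the caller's umask and on how the installed OpenSSL creates key files. Adding `umask 077` just before the `openssl req` line would close that window, and the later `chmod 640` would still grant group read to Debian-exim. Because the script runs under `-e`, a failed or interrupted `openssl req` exits before `rm -f $SSLEAY` and leaves the temporary config behind; `trap 'rm -f "$SSLEAY"' EXIT` right after the `mktemp` line would cover that. `$DH` is never assigned (its definition is commented out), so the `chown` and `chmod` lines only work because it expands to nothing when unquoted; dropping it from both lines would make that explicit.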