Diffstat (limited to 'debian/exim-gencert')
-rwxr-xr-x | debian/exim-gencert | 78 |
1 files changed, 78 insertions, 0 deletions
diff --git a/debian/exim-gencert b/debian/exim-gencert
new file mode 100755
index 0000000..aeb4780
--- /dev/null
+++ b/debian/exim-gencert
@@ -0,0 +1,78 @@
+#!/bin/sh -e
+
+if [ -n "$EX4DEBUG" ]; then
+ echo "now debugging $0 $@"
+ set -x
+fi
+
+DIR=/etc/exim4
+CERT=$DIR/exim.crt
+KEY=$DIR/exim.key
+
+# This exim binary was built with GnuTLS which does not support dhparams
+# from a file. See /usr/share/doc/exim4-base/README.Debian.gz
+#DH=$DIR/exim.dhparam
+
+if ! command -v openssl > /dev/null ;then
+ echo "$0: openssl is not installed, exiting" 1>&2
+ exit 1
+fi
+
+# valid for three years
+DAYS=1095
+
+if [ "$1" != "--force" ] && [ -f $CERT ] && [ -f $KEY ]; then
+ echo "[*] $CERT and $KEY exists!"
+ echo " Use \"$0 --force\" to force generation!"
+ exit 0
+fi
+
+if [ "$1" = "--force" ]; then
+ shift
+fi
+
+#SSLEAY=/tmp/exim.ssleay.$$.cnf
+SSLEAY="$(mktemp)"
+
+cat > $SSLEAY <<EOM
+RANDFILE = $HOME/.rnd
+[ req ]
+default_bits = 2048
+default_keyfile = exim.key
+distinguished_name = req_distinguished_name
+[ req_distinguished_name ]
+countryName = Country Code (2 letters)
+countryName_default = US
+countryName_min = 2
+countryName_max = 2
+stateOrProvinceName = State or Province Name (full name)
+localityName = Locality Name (eg, city)
+organizationName = Organization Name (eg, company; recommended)
+organizationName_max = 64
+organizationalUnitName = Organizational Unit Name (eg, section)
+organizationalUnitName_max = 64
+commonName = Server name (eg. ssl.domain.tld; required!!!)
+commonName_max = 64
+emailAddress = Email Address
+emailAddress_max = 40
+EOM
+
+echo "[*] Creating a self signed SSL certificate for Exim!"
+echo " This may be sufficient to establish encrypted connections but for"
+echo " secure identification you need to buy a real certificate!"
+echo " "
+echo " Please enter the hostname of your MTA at the Common Name (CN) prompt!"
+echo " "
+
+openssl req -config $SSLEAY -x509 -newkey rsa:2048 -keyout $KEY -out $CERT -days $DAYS -nodes
+#see README.Debian.gz*# openssl dhparam -check -text -5 512 -out $DH
+rm -f $SSLEAY
+
+chown root:Debian-exim $KEY $CERT $DH
+chmod 640 $KEY $CERT $DH
+
+echo "[*] Done generating self signed certificates for exim!"
+echo " Refer to the documentation and example configuration files"
+echo " over at /usr/share/doc/exim4-base/ for an idea on how to enable TLS"
+echo " support in your mail transfer agent."
+ |
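Review bot: The unencrypted private key is written by `openssl req ... -keyout $KEY ... -nodes` under whatever umask the caller has and is only restricted by the `chmod 640` a few lines later, so depending on the OpenSSL version and umask it may be readable by other local users in between, and it stays that way if `-e` aborts the script at the `chown` (for example when the Debian-exim group does not exist). Setting `umask 077` just before the `openssl req` line closes that window. The same `-e` abort skips `rm -f $SSLEAY` when `openssl` fails, so a `trap 'rm -f "$SSLEAY"' EXIT` right after the `mktemp` call would clean up on every exit path. `$DH` is never assigned because its definition is commented out, so it should be dropped from the `chown`/`chmod` lines, and `$CERT`, `$KEY` and `$SSLEAY` should be double-quoted throughout.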