Mercurial > dovecot > core-2.2
annotate doc/mkcert.sh @ 22503:2a6a6cfe8af6
notify-status: Provide access to all easy fields
| author | Aki Tuomi <aki.tuomi@dovecot.fi> |
|---|---|
| date | Mon, 04 Sep 2017 15:32:24 +0300 |
| parents | 46990210b870 |
| children |
| rev | line source |
|---|---|
|
657
85a888d2766e
Added script to easily generate self-signed certificate.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
1 #!/bin/sh |
|
85a888d2766e
Added script to easily generate self-signed certificate.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
2 |
|
85a888d2766e
Added script to easily generate self-signed certificate.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
3 # Generates a self-signed certificate. |
| 1242 | 4 # Edit dovecot-openssl.cnf before running this. |
|
657
85a888d2766e
Added script to easily generate self-signed certificate.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
5 |
|
21228
46990210b870
mkcert.sh: Use umask to create key file as 0600
Timo Sirainen <timo.sirainen@dovecot.fi>
parents:
4342
diff
changeset
|
6 umask 077 |
|
657
85a888d2766e
Added script to easily generate self-signed certificate.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
7 OPENSSL=${OPENSSL-openssl} |
|
85a888d2766e
Added script to easily generate self-signed certificate.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
8 SSLDIR=${SSLDIR-/etc/ssl} |
|
85a888d2766e
Added script to easily generate self-signed certificate.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
9 OPENSSLCONFIG=${OPENSSLCONFIG-dovecot-openssl.cnf} |
|
85a888d2766e
Added script to easily generate self-signed certificate.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
10 |
|
4342
b668848fff11
If cert/key directories don't exist, exit immediately instead of just
Timo Sirainen <tss@iki.fi>
parents:
2351
diff
changeset
|
11 CERTDIR=$SSLDIR/certs |
|
b668848fff11
If cert/key directories don't exist, exit immediately instead of just
Timo Sirainen <tss@iki.fi>
parents:
2351
diff
changeset
|
12 KEYDIR=$SSLDIR/private |
|
657
85a888d2766e
Added script to easily generate self-signed certificate.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
13 |
|
4342
b668848fff11
If cert/key directories don't exist, exit immediately instead of just
Timo Sirainen <tss@iki.fi>
parents:
2351
diff
changeset
|
14 CERTFILE=$CERTDIR/dovecot.pem |
|
b668848fff11
If cert/key directories don't exist, exit immediately instead of just
Timo Sirainen <tss@iki.fi>
parents:
2351
diff
changeset
|
15 KEYFILE=$KEYDIR/dovecot.pem |
|
b668848fff11
If cert/key directories don't exist, exit immediately instead of just
Timo Sirainen <tss@iki.fi>
parents:
2351
diff
changeset
|
16 |
|
b668848fff11
If cert/key directories don't exist, exit immediately instead of just
Timo Sirainen <tss@iki.fi>
parents:
2351
diff
changeset
|
17 if [ ! -d $CERTDIR ]; then |
| 1621 | 18 echo "$SSLDIR/certs directory doesn't exist" |
|
4342
b668848fff11
If cert/key directories don't exist, exit immediately instead of just
Timo Sirainen <tss@iki.fi>
parents:
2351
diff
changeset
|
19 exit 1 |
|
657
85a888d2766e
Added script to easily generate self-signed certificate.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
20 fi |
|
85a888d2766e
Added script to easily generate self-signed certificate.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
21 |
|
4342
b668848fff11
If cert/key directories don't exist, exit immediately instead of just
Timo Sirainen <tss@iki.fi>
parents:
2351
diff
changeset
|
22 if [ ! -d $KEYDIR ]; then |
| 1621 | 23 echo "$SSLDIR/private directory doesn't exist" |
|
4342
b668848fff11
If cert/key directories don't exist, exit immediately instead of just
Timo Sirainen <tss@iki.fi>
parents:
2351
diff
changeset
|
24 exit 1 |
|
657
85a888d2766e
Added script to easily generate self-signed certificate.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
25 fi |
|
85a888d2766e
Added script to easily generate self-signed certificate.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
26 |
|
85a888d2766e
Added script to easily generate self-signed certificate.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
27 if [ -f $CERTFILE ]; then |
|
85a888d2766e
Added script to easily generate self-signed certificate.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
28 echo "$CERTFILE already exists, won't overwrite" |
|
85a888d2766e
Added script to easily generate self-signed certificate.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
29 exit 1 |
|
85a888d2766e
Added script to easily generate self-signed certificate.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
30 fi |
|
85a888d2766e
Added script to easily generate self-signed certificate.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
31 |
|
85a888d2766e
Added script to easily generate self-signed certificate.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
32 if [ -f $KEYFILE ]; then |
|
85a888d2766e
Added script to easily generate self-signed certificate.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
33 echo "$KEYFILE already exists, won't overwrite" |
|
85a888d2766e
Added script to easily generate self-signed certificate.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
34 exit 1 |
|
85a888d2766e
Added script to easily generate self-signed certificate.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
35 fi |
|
85a888d2766e
Added script to easily generate self-signed certificate.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
36 |
|
2351
080ac35855d5
Make certificate valid for one year
Timo Sirainen <tss@iki.fi>
parents:
1893
diff
changeset
|
37 $OPENSSL req -new -x509 -nodes -config $OPENSSLCONFIG -out $CERTFILE -keyout $KEYFILE -days 365 || exit 2 |
|
657
85a888d2766e
Added script to easily generate self-signed certificate.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
38 chmod 0600 $KEYFILE |
|
85a888d2766e
Added script to easily generate self-signed certificate.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
39 echo |
|
756
17598099d9ac
Subject printing used wrong certificate file.
Timo Sirainen <tss@iki.fi>
parents:
665
diff
changeset
|
40 $OPENSSL x509 -subject -fingerprint -noout -in $CERTFILE || exit 2 |