Mercurial > dovecot > core-2.2
annotate doc/mkcert.sh @ 22916:432635b3ef52
login-common: ssl_require_crl works both ways
It applies for incoming and outgoing connections.
author | Aki Tuomi <aki.tuomi@dovecot.fi> |
---|---|
date | Wed, 28 Feb 2018 14:22:04 +0200 |
parents | 46990210b870 |
children |
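#!/bin/sh

# Generates a self-signed certificate.
# Edit dovecot-openssl.cnf before running this.
#
# Environment overrides (each falls back to the default shown when unset):
#   OPENSSL        openssl command to run                  (openssl)
#   SSLDIR         directory holding certs/ and private/   (/etc/ssl)
#   OPENSSLCONFIG  file passed to "req -config"            (dovecot-openssl.cnf)
#
# Exit status: 1 if a directory is missing or an output path already exists,
# 2 if an openssl or chmod step fails.

# The private key is written unencrypted (-nodes below), so its file mode is
# the only thing protecting it. Setting the umask before anything is created
# means the key is never group- or world-readable, not even briefly. The
# certificate file is created under the same umask.
umask 077
OPENSSL=${OPENSSL-openssl}
SSLDIR=${SSLDIR-/etc/ssl}
OPENSSLCONFIG=${OPENSSLCONFIG-dovecot-openssl.cnf}

CERTDIR=$SSLDIR/certs
KEYDIR=$SSLDIR/private

CERTFILE=$CERTDIR/dovecot.pem
KEYFILE=$KEYDIR/dovecot.pem

# Fail early with a clear message instead of letting openssl fail on a
# missing output directory. Diagnostics go to stderr.
if [ ! -d "$CERTDIR" ]; then
  printf '%s\n' "$SSLDIR/certs directory doesn't exist" >&2
  exit 1
fi

if [ ! -d "$KEYDIR" ]; then
  printf '%s\n' "$SSLDIR/private directory doesn't exist" >&2
  exit 1
fi

# Refuse to touch an output path that already exists in any form. Testing
# with -f alone would let a directory, a device node or a dangling symlink
# through, and openssl would then write the key or certificate through the
# symlink. This is still a check-then-create sequence, so it relies on
# $CERTDIR and $KEYDIR being writable only by trusted users.
for target in "$CERTFILE" "$KEYFILE"; do
  if [ -e "$target" ] || [ -L "$target" ]; then
    printf '%s\n' "$target already exists, won't overwrite" >&2
    exit 1
  fi
done

# -days 365: the certificate expires after one year. Because of the checks
# above, the old files must be moved away before this script can renew it.
# $OPENSSL is deliberately left unquoted so that an override carrying extra
# arguments keeps working; every path is quoted.
# shellcheck disable=SC2086
$OPENSSL req -new -x509 -nodes -config "$OPENSSLCONFIG" \
  -out "$CERTFILE" -keyout "$KEYFILE" -days 365 || exit 2

# Belt and braces on top of the umask; a failure here must not go unnoticed.
chmod 0600 "$KEYFILE" || exit 2
echo

# Print the subject and fingerprint of the certificate that was just written.
# A self-signed certificate has no CA chain behind it, so the fingerprint is
# what an operator can compare out of band.
# shellcheck disable=SC2086
$OPENSSL x509 -subject -fingerprint -noout -in "$CERTFILE" || exit 2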