# HG changeset patch
# User Timo Sirainen
# Date 1038175673 -7200
# Node ID 85a888d2766ef56e71aa3531e88f736370aa08d4
# Parent da039ae2cfd18f9e18493b91d7965e2033959684
Added script to easily generate self-signed certificate.
diff -r da039ae2cfd1 -r 85a888d2766e configure.in
--- a/configure.in Sun Nov 24 22:05:06 2002 +0200
+++ b/configure.in Mon Nov 25 00:07:53 2002 +0200
@@ -121,6 +121,12 @@
 want_openssl=yes
 ])
+AC_ARG_WITH(ssldir,
+[ --with-ssldir=DIR SSL base directory for certificates (/etc/ssl)],
+ ssldir="$withval",
+ ssldir=/etc/ssl
+)
+
 dnl **
 dnl ** just some generic stuff...
 dnl **
diff -r da039ae2cfd1 -r 85a888d2766e doc/Makefile.am
--- a/doc/Makefile.am Sun Nov 24 22:05:06 2002 +0200
+++ b/doc/Makefile.am Mon Nov 25 00:07:53 2002 +0200
@@ -10,4 +10,6 @@
 nfs.txt
 EXTRA_DIST = \
+ mkcert.sh \
+ dovecot-openssl.cnf \
 $(doc_DATA)
diff -r da039ae2cfd1 -r 85a888d2766e doc/dovecot-openssl.cnf
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/doc/dovecot-openssl.cnf Mon Nov 25 00:07:53 2002 +0200
@@ -0,0 +1,31 @@
+[ req ]
+default_bits = 1024
+encrypt_key = yes
+distinguished_name = req_dn
+x509_extensions = cert_type
+prompt = no
+
+[ req_dn ]
+# country (2 letter code)
+#C=FI
+
+# State or Province Name (full name)
+#ST=
+
+# Locality Name (eg. city)
+#L=Helsinki
+
+# Organization (eg. company)
+#O=Dovecot
+
+# Organizational Unit Name (eg. section)
+OU=IMAP server
+
+# Common Name (*.example.com is also possible)
+CN=imap.example.com
+
+# E-mail contact
+emailAddress=postmaster@example.com
+
+[ cert_type ]
+nsCertType = server
diff -r da039ae2cfd1 -r 85a888d2766e doc/mkcert.sh
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/doc/mkcert.sh Mon Nov 25 00:07:53 2002 +0200
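Review bot: In the configure.in hunk, `ssldir="$withval"` takes whatever autoconf passes, so a bare `--with-ssldir` or `--without-ssldir` leaves ssldir set to the literal `yes` or `no` rather than a directory. Rejecting those two values, for example `case "$withval" in yes|no) AC_MSG_ERROR([--with-ssldir requires a directory]);; esac`, keeps a mistyped option from silently moving the certificate and key location to a relative path. The hunk does not show ssldir being substituted or defined, so it is worth confirming that the value actually reaches the default certificate paths.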
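Review bot: In doc/dovecot-openssl.cnf, `default_bits = 1024` yields an RSA key below what current guidance accepts for a TLS server key; `default_bits = 2048` or larger is the safer default for a template that will be copied as-is. `encrypt_key = yes` is also misleading, because mkcert.sh passes `-nodes` and the key is written unencrypted regardless; either set `encrypt_key = no` or add a comment saying the script overrides it. Since `prompt = no` takes the subject straight from this file, a comment above `CN=imap.example.com` such as `# must match the host name clients connect to` would help stop certificates being generated for the placeholder name.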
@@ -0,0 +1,33 @@
+#!/bin/sh
+
+# Generates a self-signed certificate.
+
+OPENSSL=${OPENSSL-openssl}
+SSLDIR=${SSLDIR-/etc/ssl}
+OPENSSLCONFIG=${OPENSSLCONFIG-dovecot-openssl.cnf}
+
+CERTFILE=$SSLDIR/certs/dovecot.cer
+KEYFILE=$SSLDIR/private/dovecot.key
+
+if [ ! -d $SSLDIR/certs ]; then
+ echo $SSLDIR/certs directory doesn't exist
+fi
+
+if [ ! -d $SSLDIR/private ]; then
+ echo $SSLDIR/private directory doesn't exist
+fi
+
+if [ -f $CERTFILE ]; then
+ echo "$CERTFILE already exists, won't overwrite"
+ exit 1
+fi
+
+if [ -f $KEYFILE ]; then
+ echo "$KEYFILE already exists, won't overwrite"
+ exit 1
+fi
+
+$OPENSSL req -new -x509 -nodes -config $OPENSSLCONFIG -out $CERTFILE -keyout $KEYFILE || exit 2
+chmod 0600 $KEYFILE
+echo
+$OPENSSL x509 -subject -fingerprint -noout -in $SSLDIR/certs/dovecot.cer || exit 2
diff -r da039ae2cfd1 -r 85a888d2766e dovecot-example.conf
--- a/dovecot-example.conf Sun Nov 24 22:05:06 2002 +0200
+++ b/dovecot-example.conf Mon Nov 25 00:07:53 2002 +0200
@@ -4,6 +4,7 @@
 # any of the lines. Exception to this are paths, they're just examples
 # with real defaults being based on configure options. The paths listed here
 # are for configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var
+# --with-ssldir=/etc/ssl
 # Port to listen in for IMAP connections. This port is used for TLS
 # connections as well. Setting it to 0 disables it.
@@ -22,8 +23,8 @@
 # PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
 # dropping root privileges, so keep the key file unreadable by anyone but
-# root. Note that these default paths here are absolute, configure options
-# don't affect them. Use for example OpenSSL to generate these files.
+# root. Included doc/mkcert.sh can be used to easily generate self-signed
+# certificate, just make sure to update the domains in dovecot-openssl.cnf
 #ssl_cert_file = /etc/ssl/certs/imapd.pem
 #ssl_key_file = /etc/ssl/private/imapd.pem
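Review bot: The private key in doc/mkcert.sh is created by `openssl req ... -keyout $KEYFILE` under the caller's umask and only tightened by the later `chmod 0600`, so it can be group- or world-readable for a moment, and stays that way if the script is interrupted in between; setting `umask 077` before the openssl call closes that window. The two directory checks are also broken: the unquoted apostrophe in `doesn't` opens a shell quote that runs to the apostrophe in the second echo, so the second check is swallowed into the first message, and neither branch exits. Quoting the messages and path expansions and adding `exit 1` fixes both, as sketched below. With the tighter umask the certificate is also created 0600, which is fine if it is only read before privileges are dropped.

```shell
# Create the key (and certificate) without group/other access from the start.
umask 077

if [ ! -d "$SSLDIR/certs" ]; then
  echo "$SSLDIR/certs directory doesn't exist"
  exit 1
fi

if [ ! -d "$SSLDIR/private" ]; then
  echo "$SSLDIR/private directory doesn't exist"
  exit 1
fi

# … unchanged: refuse to overwrite an existing certificate or key …

"$OPENSSL" req -new -x509 -nodes -config "$OPENSSLCONFIG" -out "$CERTFILE" -keyout "$KEYFILE" || exit 2
chmod 0600 "$KEYFILE"
# … unchanged: print subject and fingerprint …
```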
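Review bot: The new comment in the second dovecot-example.conf hunk sends readers to doc/mkcert.sh, but that script writes `dovecot.cer` and `dovecot.key` while the defaults shown directly below are still `/etc/ssl/certs/imapd.pem` and `/etc/ssl/private/imapd.pem`. Someone following the comment ends up with files the example settings do not reference, so either the example paths or the script's CERTFILE/KEYFILE names should be aligned. The removed sentence said configure options do not affect these paths; if `--with-ssldir` now does, the comment could state that explicitly, for instance `# Defaults follow configure --with-ssldir.`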