changeset 657:85a888d2766e HEAD

Added a script to easily generate a self-signed certificate.
author Timo Sirainen <tss@iki.fi>
date Mon, 25 Nov 2002 00:07:53 +0200
parents da039ae2cfd1
children 1a86a8b6e6ff
files configure.in doc/Makefile.am doc/dovecot-openssl.cnf doc/mkcert.sh dovecot-example.conf
diffstat 5 files changed, 75 insertions(+), 2 deletions(-) [+]
--- a/configure.in	Sun Nov 24 22:05:06 2002 +0200
+++ b/configure.in	Mon Nov 25 00:07:53 2002 +0200
@@ -121,6 +121,12 @@
 		want_openssl=yes
 	])
 
+AC_ARG_WITH(ssldir,
+[  --with-ssldir=DIR       SSL base directory for certificates (/etc/ssl)],
+	ssldir="$withval",
+	ssldir=/etc/ssl
+)
+
 dnl **
 dnl ** just some generic stuff...
 dnl **
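Review bot: `ssldir` is assigned in the new `AC_ARG_WITH` block, but nothing in this hunk exports it (`AC_SUBST(ssldir)` or an `AC_DEFINE`), so unless that happens elsewhere in configure.in the option has no effect. mkcert.sh in this same commit also falls back to its own hard-coded `/etc/ssl` instead of receiving the configured value. In addition, `--with-ssldir` without a value sets `$withval` to `yes` and `--without-ssldir` sets it to `no`, and both would be accepted as directory names. A guard such as `case "$withval" in yes|no) ssldir=/etc/ssl ;; *) ssldir="$withval" ;; esac` avoids that.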
--- a/doc/Makefile.am	Sun Nov 24 22:05:06 2002 +0200
+++ b/doc/Makefile.am	Mon Nov 25 00:07:53 2002 +0200
@@ -10,4 +10,6 @@
 	nfs.txt
 
 EXTRA_DIST = \
+	mkcert.sh \
+	dovecot-openssl.cnf \
 	$(doc_DATA)
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/doc/dovecot-openssl.cnf	Mon Nov 25 00:07:53 2002 +0200
@@ -0,0 +1,31 @@
+[ req ]
+default_bits = 1024
+encrypt_key = yes
+distinguished_name = req_dn
+x509_extensions = cert_type
+prompt = no
+
+[ req_dn ]
+# country (2 letter code)
+#C=FI
+
+# State or Province Name (full name)
+#ST=
+
+# Locality Name (eg. city)
+#L=Helsinki
+
+# Organization (eg. company)
+#O=Dovecot
+
+# Organizational Unit Name (eg. section)
+OU=IMAP server
+
+# Common Name (*.example.com is also possible)
+CN=imap.example.com
+
+# E-mail contact
+emailAddress=postmaster@example.com
+
+[ cert_type ]
+nsCertType = server
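Review bot: `default_bits = 1024` in `[ req ]` yields an RSA key that is too short to resist factoring by current standards; `default_bits = 2048` or larger should be the shipped default. `encrypt_key = yes` is overridden by the `-nodes` flag that mkcert.sh passes, so the key is written unencrypted regardless; `encrypt_key = no` would make the file describe what actually happens. `nsCertType` is a legacy Netscape extension, so a comment above `CN=` noting that clients check the hostname against this value would help whoever edits the template.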
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/doc/mkcert.sh	Mon Nov 25 00:07:53 2002 +0200
@@ -0,0 +1,33 @@
+#!/bin/sh
+
+# Generates a self-signed certificate.
+
+OPENSSL=${OPENSSL-openssl}
+SSLDIR=${SSLDIR-/etc/ssl}
+OPENSSLCONFIG=${OPENSSLCONFIG-dovecot-openssl.cnf}
+
+CERTFILE=$SSLDIR/certs/dovecot.cer
+KEYFILE=$SSLDIR/private/dovecot.key
+
+if [ ! -d $SSLDIR/certs ]; then
+  echo $SSLDIR/certs directory doesn't exist
+fi
+
+if [ ! -d $SSLDIR/private ]; then
+  echo $SSLDIR/private directory doesn't exist
+fi
+
+if [ -f $CERTFILE ]; then
+  echo "$CERTFILE already exists, won't overwrite"
+  exit 1
+fi
+
+if [ -f $KEYFILE ]; then
+  echo "$KEYFILE already exists, won't overwrite"
+  exit 1
+fi
+
+$OPENSSL req -new -x509 -nodes -config $OPENSSLCONFIG -out $CERTFILE -keyout $KEYFILE || exit 2
+chmod 0600 $KEYFILE
+echo 
+$OPENSSL x509 -subject -fingerprint -noout -in $SSLDIR/certs/dovecot.cer || exit 2
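Review bot: The apostrophe in `doesn't` on the first unquoted `echo` opens a single-quoted string that only closes at the `doesn't` of the second `echo`, so the `$SSLDIR/private` test is swallowed into the message text, and neither directory check exits. The private key is also created under the caller's umask and only tightened by `chmod 0600` afterwards, which, depending on the OpenSSL version, can leave it briefly readable by other local users; setting `umask 077` before the `req` call closes that window. Variable expansions are unquoted throughout, so a path containing whitespace breaks the tests. The script also writes `dovecot.cer` and `dovecot.key`, while the example configuration in this commit still names `imapd.pem` for both settings, so the generated files will not match the documented defaults.

```shell
if [ ! -d "$SSLDIR/certs" ]; then
  echo "$SSLDIR/certs directory doesn't exist"
  exit 1
fi

if [ ! -d "$SSLDIR/private" ]; then
  echo "$SSLDIR/private directory doesn't exist"
  exit 1
fi

# … unchanged: refusal to overwrite an existing $CERTFILE or $KEYFILE …

# Create the key owner-only from the first byte written, not after the fact.
umask 077
"$OPENSSL" req -new -x509 -nodes -config "$OPENSSLCONFIG" -out "$CERTFILE" -keyout "$KEYFILE" || exit 2
# The certificate itself is public; restore normal read permissions on it.
chmod 0644 "$CERTFILE"
# … unchanged: chmod 0600 on the key, blank echo …
"$OPENSSL" x509 -subject -fingerprint -noout -in "$CERTFILE" || exit 2
```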
--- a/dovecot-example.conf	Sun Nov 24 22:05:06 2002 +0200
+++ b/dovecot-example.conf	Mon Nov 25 00:07:53 2002 +0200
@@ -4,6 +4,7 @@
 # any of the lines. Exception to this are paths, they're just examples
 # with real defaults being based on configure options. The paths listed here
 # are for configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var
+# --with-ssldir=/etc/ssl
 
 # Port to listen in for IMAP connections. This port is used for TLS
 # connections as well. Setting it to 0 disables it.
@@ -22,8 +23,8 @@
 
 # PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
 # dropping root privileges, so keep the key file unreadable by anyone but
-# root. Note that these default paths here are absolute, configure options
-# don't affect them. Use for example OpenSSL to generate these files.
+# root. Included doc/mkcert.sh can be used to easily generate self-signed
+# certificate, just make sure to update the domains in dovecot-openssl.cnf
 #ssl_cert_file = /etc/ssl/certs/imapd.pem
 #ssl_key_file = /etc/ssl/private/imapd.pem