#! /bin/sh
#
#
# Copyright 2000-2007 Double Precision, Inc. See COPYING for
# distribution information.
#
# This is a short script to quickly generate a self-signed X.509 key for
# ESMTP STARTTLS. Normally this script would get called by an automatic
# package installation routine.
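# Derive the certificate name from the name this script was invoked as:
# the leading "mk" and the trailing "cert" are stripped, so "mkimapdcert"
# yields "imapd". "$0" is quoted so that an invocation path containing
# whitespace or glob characters is passed to basename as a single word.
CERTNAME=$(basename "$0" | sed -e 's/^mk//;s/cert$//')

# Optional first argument: where to write the certificate.
# Note: this is not the full file name, but lacking the
# extension, e.g. just "/etc/courier/esmtpd"
#
# NOTE(review): the value is used as given. Files are created under this
# prefix and handed to the "courier" user, so callers should only pass a
# path inside a directory that unprivileged users cannot write to.
PEMFILE="$1"
if [ -z "$PEMFILE" ]; then
  PEMFILE="/etc/courier/$CERTNAME"
fi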
# Pre-flight checks.
#
# The left-hand literal names the TLS backend this copy of the script was
# generated for (it looks like a build-time substitution - confirm against
# the packaging). In this copy it is "gnutls", so the certtool branch is the
# one that runs.
#
# If the required tool is not installed, leave quietly with status 0 rather
# than failing: per the header, the script is normally run from an automatic
# package installation routine.
if [ "gnutls" = "openssl" ]; then
  [ -x /usr/bin/openssl ] || exit 0
else
  [ -x /usr/bin/certtool ] || exit 0
fi

# Never overwrite an existing certificate/key bundle: report it and stop
# with a non-zero status so the caller can tell nothing was generated.
if [ -f "${PEMFILE}.pem" ]; then
  echo "${PEMFILE}.pem already exists."
  exit 1
fi
# Abort handler for a failed generation step.
#
# Deletes every file this script may have created for the current PEMFILE
# prefix (.rand, .pem, .key, .cert) so that no partial or unusable key
# material is left behind, then terminates the script with status 1.
# Missing files are not an error (rm -f).
#
# Globals: PEMFILE (read) - path prefix of the files to remove
cleanup() {
  rm -f \
    "${PEMFILE}.rand" \
    "${PEMFILE}.pem" \
    "${PEMFILE}.key" \
    "${PEMFILE}.cert"
  exit 1
}
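# Generate the key and self-signed certificate and bundle them into
# "$PEMFILE".pem.
#
# Environment: BITS (optional) - key strength. Its meaning depends on the
#   backend: a Diffie-Hellman parameter size in bits for OpenSSL (default
#   2048), a certtool --sec-param level name for GnuTLS (default "high").
#
# Every step that can fail is routed through cleanup, so a failed run leaves
# no empty or partial .pem behind (which would otherwise make the next run
# stop at the "already exists" check).

# A relative PEMFILE is resolved against the Courier configuration
# directory. Stop if it cannot be entered instead of writing key material
# into whatever the current directory happens to be.
cd /etc/courier || exit 1

# Files created from here on are accessible to their owner only.
umask 077

set -e

# Create the target empty, mode 0600 and owned by courier *before* any key
# material is written to it, so the private key is never on disk with wider
# permissions.
install -b -m 600 -o "courier" /dev/null "$PEMFILE".pem || cleanup

if test "gnutls" = "openssl"
then
  # --- OpenSSL backend ---
  if test "$BITS" = ""
  then
    BITS="2048"
  fi

  # One block from /dev/urandom, passed to dhparam below via -rand.
  dd if=/dev/urandom of="$PEMFILE".rand count=1 2>/dev/null || cleanup

  # Self-signed certificate valid for 365 days. -nodes stores the private
  # key unencrypted; -out and -keyout both point at the .pem, so key and
  # certificate share one file that is protected only by its 0600 mode and
  # ownership.
  /usr/bin/openssl req -new -x509 -days 365 -nodes \
    -config "/etc/courier/$CERTNAME.cnf" \
    -out "$PEMFILE".pem -keyout "$PEMFILE".pem || cleanup

  # Append Diffie-Hellman parameters. BITS comes from the environment and is
  # quoted so it always reaches openssl as exactly one argument.
  /usr/bin/openssl dhparam -2 -rand "$PEMFILE".rand "$BITS" >>"$PEMFILE".pem || cleanup

  # Append a human-readable dump of the certificate to the bundle.
  /usr/bin/openssl x509 -text -noout -in "$PEMFILE".pem >"$PEMFILE".cert || cleanup
  cat "$PEMFILE".cert >>"$PEMFILE".pem || cleanup

  rm -f "$PEMFILE".rand "$PEMFILE".cert
else
  # --- GnuTLS backend (certtool) ---
  if test "$BITS" = ""
  then
    BITS="high"
  fi

  # Pre-create the intermediate files with restrictive mode and ownership
  # before certtool writes into them.
  install -b -m 600 -o "courier" /dev/null "$PEMFILE".key || cleanup
  install -v -m 600 -o "courier" /dev/null "$PEMFILE".cert || cleanup

  # BITS comes from the environment and is quoted so it cannot be split
  # into additional certtool arguments.
  /usr/bin/certtool --generate-privkey --sec-param="$BITS" \
    --outfile "$PEMFILE".key || cleanup

  # Certificate fields are taken from the template file.
  /usr/bin/certtool --generate-self-signed --load-privkey "$PEMFILE".key \
    --outfile "$PEMFILE".cert \
    --template "/etc/courier/$CERTNAME.cnf" || cleanup

  # Reset the bundle and re-assert mode and owner before the private key is
  # written into it.
  cp /dev/null "$PEMFILE".pem || cleanup
  chmod 600 "$PEMFILE".pem || cleanup
  chown courier "$PEMFILE".pem || cleanup

  # Bundle = private key followed by certificate.
  cat "$PEMFILE".key "$PEMFILE".cert >"$PEMFILE".pem || cleanup

  # The separate key/cert copies are no longer needed; do not leave extra
  # copies of the private key on disk.
  rm -f "$PEMFILE".key "$PEMFILE".cert
fi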