mkcert.sh

   1 #!/bin/sh
   2
   3 # Generates a self-signed certificate.
   4 # Edit dovecot-openssl.cnf before running this.
   5
   6 umask 077
   7 OPENSSL=${OPENSSL-openssl}
   8 SSLDIR=${SSLDIR-/etc/ssl}
   9 OPENSSLCONFIG=${OPENSSLCONFIG-/usr/share/dovecot-cn/dovecot-openssl.cnf}
  10
  11 CERTDIR=/etc/dovecot
  12 KEYDIR=/etc/dovecot/private
  13
  14 CERTFILE=$CERTDIR/dovecot.pem
  15 KEYFILE=$KEYDIR/dovecot.pem
  16
  17 if [ ! -d $CERTDIR ]; then
  18   echo "$SSLDIR/certs directory doesn't exist"
  19   exit 1
  20 fi
  21
  22 if [ ! -d $KEYDIR ]; then
  23   echo "$SSLDIR/private directory doesn't exist"
  24   exit 1
  25 fi
  26
  27 if [ -f $CERTFILE ]; then
  28   echo "$CERTFILE already exists, won't overwrite"
  29   exit 1
  30 fi
  31
  32 if [ -f $KEYFILE ]; then
  33   echo "$KEYFILE already exists, won't overwrite"
  34   exit 1
  35 fi
  36
  37 $OPENSSL req -new -x509 -nodes -config $OPENSSLCONFIG -out $CERTFILE -keyout $KEYFILE -days 365 || exit 2
  38 chmod 0600 $KEYFILE
  39 echo
  40 $OPENSSL x509 -subject -fingerprint -noout -in $CERTFILE || exit 2