aports/testing/exim/exim.gencert
Stuart Cardall d4f7749339 testing/exim: add exim-gencert from Debian to exim-utils
Adds exim-gencert from Debian altered to use custom expiry date
and key size (3 years / 4096 bit by default).

Review notes:
Cleaned the exim.gencert script. ~ @jirutka
2017-02-12 21:58:09 +01:00

79 lines
1.8 KiB
Bash

#!/bin/sh
set -e
if [ -n "$EX4DEBUG" ]; then
echo "now debugging $0 $@"
set -x
fi
DIR=/etc/exim
CERT=$DIR/exim.crt
KEY=$DIR/exim.key
if ! which openssl > /dev/null ;then
echo "$0: openssl is not installed, exiting" 1>&2
exit 1
fi
if [ "$1" != "--force" ] && [ -f $CERT ] && [ -f $KEY ]; then
echo "[*] $CERT and $KEY exists!"
printf "\n Use \"$0 --force\" to force generation!\n"
exit 0
fi
case "$1" in
--force) shift;;
--help) echo "Usage: $0 -or- $0 days keysize"; exit 0;;
esac
DAYS=${1:-1095}
KEYSIZE=${2:-4096}
SSLEAY="$(mktemp)" && chmod 600 "$SSLEAY"
cat > "$SSLEAY" <<-EOF
RANDFILE = $HOME/.rnd
[ req ]
default_bits = $KEYSIZE
default_keyfile = exim.key
distinguished_name = req_distinguished_name
[ req_distinguished_name ]
countryName = Country Code (2 letters)
countryName_default = US
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
localityName = Locality Name (eg, city)
organizationName = Organization Name (eg, company; recommended)
organizationName_max = 64
organizationalUnitName = Organizational Unit Name (eg, section)
organizationalUnitName_max = 64
commonName = Server name (eg. ssl.domain.tld; required!!!)
commonName_max = 64
emailAddress = Email Address
emailAddress_max = 40
EOF
cat <<-EOF
[*] Generating a self signed SSL certificate for Exim:
Key Size = $KEYSIZE Validity = $DAYS days
Key File = $KEY
Cert File = $CERT
EOF
read -p 'Continue [ Y/n ] ? : ' ans
case "$ans" in
n*|N*) exit 0;;
*) printf "\n Please enter the hostname of your MTA at the Common Name (CN) prompt:\n"
openssl req -config "$SSLEAY" -x509 -newkey rsa:$KEYSIZE -keyout $KEY -out $CERT -days $DAYS -nodes
rm -f "$SSLEAY"
chown root:exim $KEY $CERT $DH
chmod 640 $KEY $CERT $DH
printf "\n[*] Done generating self signed certificates for exim!"
;;
esac