blob: eb70cdecefe36a03523c62f52951a3e88d33a935 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
|
#!/bin/sh
# based on doc/mkcert.sh
# if ssl disabled then lets just exit
doveconf ssl 2>/dev/null | grep -Eq '(yes|required)' || exit 0
# Generates a self-signed certificate.
OPENSSL=${OPENSSL-openssl}
SSLDIR=${SSLDIR-/etc/ssl/dovecot}
OPENSSLCONFIG=${OPENSSLCONFIG-/etc/dovecot/dovecot-openssl.cnf}
CERTDIR=$SSLDIR
KEYDIR=$SSLDIR
# check if we have ssl_cert and/or key (for dovecot-2.0+)
# try expand the cert/key itself and if found, lets just keep it
[ -n "$(doveconf -x ssl_cert 2>/dev/null)" ] && exit 0
[ -n "$(doveconf -x ssl_key 2>/dev/null)" ] && exit 0
ssl_cert_file=$(doveconf ssl_cert | sed 's/.*= <//')
ssl_key_file=$(doveconf ssl_key | sed 's/.*= <//')
CERTFILE=${ssl_cert_file:-$CERTDIR/server.pem}
KEYFILE=${ssl_key_file:-$KEYDIR/server.key}
if [ -e "$CERTFILE" ]; then
echo "Keeping existing $CERTFILE"
exit 0
fi
if [ -e "$KEYFILE" ]; then
echo "Keeping existing $KEYFILE"
exit 0
fi
if [ ! -c /dev/urandom ] && [ ! -c /dev/random ]; then
echo "No /dev/urandom or /dev/random so ssl cert not created"
exit 1
fi
$OPENSSL req -new -x509 -nodes -config $OPENSSLCONFIG -out $CERTFILE -keyout $KEYFILE -days 365 || exit 2
chmod 0600 $KEYFILE
echo
$OPENSSL x509 -subject -fingerprint -noout -in $CERTFILE || exit 2
|