#!/bin/sh # # $Id: mkimapdcert.in,v 1.4 2001/08/26 15:49:50 mrsam Exp $ # # Copyright 2000 Double Precision, Inc. See COPYING for # distribution information. # # This is a short script to quickly generate a self-signed X.509 key for # IMAP over SSL. Normally this script would get called by an automatic # package installation routine. test -x /usr/bin/openssl || exit 0 prefix="/usr" if test -f /etc/ssl/bincimap/bincimap.pem then echo "/etc/ssl/bincimap/bincimap.pem already exists." exit 1 fi cp /dev/null /etc/ssl/bincimap/bincimap.pem chmod 600 /etc/ssl/bincimap/bincimap.pem chown root /etc/ssl/bincimap/bincimap.pem cleanup() { rm -f /etc/ssl/bincimap/bincimap.pem rm -f /etc/ssl/bincimap/bincimap.rand exit 1 } cd /etc/ssl/bincimap dd if=/dev/urandom of=/etc/ssl/bincimap/bincimap.rand count=1 2>/dev/null /usr/bin/openssl req -new -x509 -days 365 -nodes \ -config /etc/ssl/bincimap/bincimap.cnf -out /etc/ssl/bincimap/bincimap.pem -keyout /etc/ssl/bincimap/bincimap.pem || cleanup /usr/bin/openssl gendh -rand /etc/ssl/bincimap/bincimap.rand 512 >>/etc/ssl/bincimap/bincimap.pem || cleanup /usr/bin/openssl x509 -subject -dates -fingerprint -noout -in /etc/ssl/bincimap/bincimap.pem || cleanup rm -f /etc/ssl/bincimap/bincimap.rand