#!/bin/sh # # $Id: mkimapdcert.in,v 1.4 2001/08/26 15:49:50 mrsam Exp $ # # Copyright 2000 Double Precision, Inc. See COPYING for # distribution information. # # This is a short script to quickly generate a self-signed X.509 key for # IMAP over SSL. Normally this script would get called by an automatic # package installation routine. test -x /usr/bin/openssl || exit 0 ssldir="/etc/ssl/cyrus-imapd" pemfile="${ssldir}/cyrus-imapd.pem" randfile="/var/lib/imap/cyrus-imapd.rand" cnffile="${ssldir}/cyrus-imapd.cnf" if test -f "$pemfile" then echo "$pemfile already exists." exit 1 fi cp /dev/null "$pemfile" chmod 600 "$pemfile" chown cyrus.mail "$pemfile" cleanup() { rm -f "$pemfile" rm -f "$randfile" exit 1 } cd "$ssldir" dd if=/dev/urandom of="$randfile" count=1 2>/dev/null /usr/bin/openssl req -new -x509 -days 365 -nodes \ -config "$cnffile" -out "$pemfile" -keyout "$pemfile" || cleanup /usr/bin/openssl gendh -rand "$randfile" 512 >>"$pemfile" || cleanup /usr/bin/openssl x509 -subject -dates -fingerprint -noout -in "$pemfile" || cleanup rm -f "$randfile"