[Dovecot] improved create dovecot certificate script
Roger Oot
miller at yoyo.ORG
Thu Feb 18 19:46:04 EET 2010
If anybody is interested (which they probably are not), here is an improved and more rigorous version of mkcert.sh:
#! /bin/sh
#*****************************************************************************#
#|
#| file : /root/apps/share/sh/create_dovecot_certificate
#|
#*---------------------------------------------------------------------------*#
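BELL="\007"
# Configuration, overridable from the environment.  ':-' (rather than '-')
# also falls back to the default when the variable is set but empty, so an
# empty DOVECOT_DIR cannot turn the certificate directory into /certificates.
DOVECOT_DIR="${DOVECOT_DIR:-/var/lib/dovecot}"
OPENSSL="${OPENSSL:-openssl}"
OPENSSL_CONF="${OPENSSL_CONF:-/etc/dovecot/dovecot-openssl.cnf}"
#.............................................................................#
certificates_dir="${DOVECOT_DIR}/certificates"
# Message helper: '${echo} "text"' prints text with backslash escapes
# (\n, \007 ...) interpreted, followed by a newline.  printf '%b\n' is the
# POSIX equivalent of '/bin/echo -e', which is not portable (BSD /bin/echo
# prints a literal "-e").  The value is word-split on use, so it must not
# be quoted when invoked.
echo="printf %b\\n"
# Prefix for error messages: rings the terminal bell, then "%ERROR -".
error="${BELL}%ERROR -"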
#*---------------------------------------------------------------------------*#
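# check_directory DIR
#   Make sure DIR exists, creating it mode 700 when it is missing.
#   Exits 2 when the directory cannot be created.  A pre-existing
#   directory (or a symlink to one) is accepted as-is: its mode and
#   ownership are NOT verified here.
check_directory ()
{
    directory="${1}"
    #.............................................................................#
    if [ ! -d "${directory}" ]
    then
        # -m 700 sets the mode explicitly, so the caller's umask cannot widen
        # it; the private key is written below this directory.
        mkdir -m 700 "${directory}" 2> /dev/null
        status=${?}
        if [ ${status} -ne 0 ]
        then
            ${echo} "${error} directory ${directory} cannot be created!" >&2
            exit 2
        fi
        # Group ownership is best-effort (the directory is mode 700, so the
        # group has no access anyway), but a failure -- e.g. no 'dovecot'
        # group on this host -- should not pass silently.
        if ! chgrp dovecot "${directory}" 2> /dev/null
        then
            ${echo} "${BELL}%WARNING - cannot change group of ${directory} to dovecot (ignored)" >&2
        fi
    fi
    #.............................................................................#
    return 0
}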
#*---------------------------------------------------------------------------*#
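# check_executable NAME
#   Exit 1 unless NAME resolves to an executable file on PATH (or is an
#   executable path itself).  Only external commands qualify: a shell
#   builtin or function is rejected, as with the original 'which'.
check_executable ()
{
    executable="${1}"
    #.............................................................................#
    # 'command -v' is POSIX; 'which' is an external, non-standard tool whose
    # output and exit status differ between implementations.
    resolved="`command -v "${executable}" 2> /dev/null`"
    if [ -z "${resolved}" ] || [ ! -x "${resolved}" ]
    then
        ${echo} "${error} executable ${executable} could not be found!" >&2
        exit 1
    fi
    #.............................................................................#
    return 0
}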
#*---------------------------------------------------------------------------*#
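# check_exists FILE DESCRIPTION
#   Refuse (exit 6) to overwrite FILE if anything already sits at that
#   path.  For a "public certificate" the existing certificate is shown so
#   the operator can judge whether it is still good.
check_exists ()
{
    file="${1}"
    description="${2}"
    #.............................................................................#
    # -e is false for a dangling symlink, yet 'openssl -out/-keyout' would
    # write straight through it; treat any symlink as "already exists".
    if [ -e "${file}" ] || [ -L "${file}" ]
    then
        test "${description}" = "public certificate" && echo
        ${echo} \
            "${error} ${description} file ${file} already exists!" >&2
        # Show the file we were asked about, not the caller's global.
        test "${description}" = "public certificate" && \
            show_certificate "${file}"
        exit 6
    fi
    #.............................................................................#
    return 0
}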
#*---------------------------------------------------------------------------*#
# check_file FILE DESCRIPTION
#   Verify that FILE exists (else exit 3), is a regular file (else exit 4)
#   and is not empty (else exit 5).  DESCRIPTION is used in messages only.
check_file ()
{
    file="${1}"
    description="${2}"
    #.............................................................................#
    # Three guards, checked in the order a missing / wrong-type / empty
    # file would be diagnosed.
    [ -e "${file}" ] || {
        ${echo} "${error} ${description} file ${file} does not exist!" >&2
        exit 3
    }
    [ -f "${file}" ] || {
        ${echo} "${error} ${description} ${file} is not a file!" >&2
        exit 4
    }
    [ -s "${file}" ] || {
        ${echo} "${error} ${description} file ${file} is empty!" >&2
        exit 5
    }
    #.............................................................................#
    return 0
}
#*---------------------------------------------------------------------------*#
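# create_certificate CONFIGURATION DIRECTORY
#   Generate a self-signed X509 certificate and its private key in
#   DIRECTORY, named after the host's FQDN (lower-cased, dots replaced by
#   underscores, suffixed "-dovecot").  Subject and key parameters come
#   from the openssl CONFIGURATION file; validity is CERT_DAYS days
#   (default 365).  Exits 6 if either output file already exists, 7 if
#   openssl fails, 8 if the host name cannot be determined.
create_certificate ()
{
    configuration="${1}"
    directory="${2}"
    #.............................................................................#
    days="${CERT_DAYS:-365}"
    host="`hostname -f 2> /dev/null | tr 'A-Z' 'a-z' | tr '.' '_'`"
    # Without this guard a failing 'hostname -f' would silently produce the
    # file name "-dovecot".
    if [ -z "${host}" ]
    then
        ${echo} "${error} hostname -f returned nothing, cannot name the certificate!" >&2
        exit 8
    fi
    name="${host}-dovecot"
    certificate="${directory}/${name}.crt"
    check_exists "${certificate}" "public certificate"
    key="${directory}/${name}.pem"
    check_exists "${key}" "private key"
    #.............................................................................#
    ${echo} "\nCreating new X509 certificate\nwith configuration ${configuration}\nfor ${name} ...\n"
    # -x509: self-signed (clients must trust it explicitly); -nodes: the key
    # is written unencrypted so the daemon can load it without a passphrase.
    # openssl creates the key file with the process umask, so run it under
    # umask 077 (in a subshell, to keep the change local) -- otherwise the
    # key could be world-readable until the chmod below.
    ( umask 077 && ${OPENSSL} req -new -x509 -nodes -config "${configuration}" \
        -days "${days}" -out "${certificate}" -keyout "${key}" )
    status=${?}
    if [ ${status} -ne 0 ]
    then
        ${echo} "${error} ${OPENSSL} failed with exit status ${status}!" >&2
        # Neither file existed before (check_exists above); do not leave a
        # half-written key or certificate that would block the next run.
        rm -f "${key}" "${certificate}"
        exit 7
    fi
    #.............................................................................#
    # Private key readable by its owner only; the certificate is public.
    chmod 0400 "${key}"
    chmod 0444 "${certificate}"
    #.............................................................................#
    return 0
}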
#*---------------------------------------------------------------------------*#
# show_certificate FILE
#   Print the validity dates, serial number and subject of the certificate
#   in FILE via '${OPENSSL} x509', each preceded by a blank line, and a
#   trailing blank line.
show_certificate ()
{
    certificate="${1}"
    #.............................................................................#
    for field in dates serial subject
    do
        echo
        ${OPENSSL} x509 -in "${certificate}" -noout "-${field}"
    done
    echo
    #.............................................................................#
    return 0
}
#*---------------------------------------------------------------------------*#
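# Main.  Exit status: 0 success; 1 a required executable is missing;
# 2 a directory cannot be created; 3/4/5 the openssl configuration is
# missing / not a regular file / empty; 6 the certificate or key already
# exists; 7 openssl failed.
check_executable "${OPENSSL}"
# create_certificate names the files after 'hostname -f'; check the tool is
# present up front rather than failing after the directories were created.
check_executable hostname
check_file "${OPENSSL_CONF}" "openssl configuration"
check_directory "${DOVECOT_DIR}"
check_directory "${certificates_dir}"
create_certificate "${OPENSSL_CONF}" "${certificates_dir}"
#.............................................................................#
exit 0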
#*****************************************************************************#