If anybody is interested, which they probably are not, here is an improved and more rigorous version of mkcert.sh:
#! /bin/sh
#*****************************************************************************#
#|
#| file : /root/apps/share/sh/create_dovecot_certificate
#|
#*---------------------------------------------------------------------------*#
# Bell escape placed in front of every error message; it is expanded by the
# "-e" option of the echo command configured below.
BELL="\007"
# The next three settings keep a value inherited from the caller's environment
# and fall back to the default only when the variable is unset.  Because the
# environment chooses the openssl binary, its configuration file and the
# output directory, run the script with a trusted (ideally clean) environment.
: "${DOVECOT_DIR=/var/lib/dovecot}"
: "${OPENSSL=openssl}"
: "${OPENSSL_CONF=/etc/dovecot/dovecot-openssl.cnf}"
#.............................................................................#
# Directory that receives the certificate and the private key.
certificates_dir="${DOVECOT_DIR}"/certificates
# Deliberately expanded unquoted by the functions (command plus its option).
echo='/bin/echo -e'
# Common prefix of all error messages.
error="${BELL}"'%ERROR -'
#*---------------------------------------------------------------------------*#
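check_directory () {
    # Make sure that directory ${1} exists, creating it when it is missing.
    #
    # Arguments: ${1} - path of the directory
    # Globals:   echo, error (read); directory, status (written)
    # Exits:     2 when the directory is missing and mkdir fails
    # Returns:   0 otherwise
    #
    # An already existing directory is accepted as it is: its owner and mode
    # are not verified here.
    directory="${1}"
#.............................................................................#
    if [ ! -d "${directory}" ]
    then
        # -m 700 sets the mode at creation time, so the directory never
        # exists with wider permissions, whatever the caller's umask is.
        mkdir -m 700 -- "${directory}" 2> /dev/null
        status=${?}
        if [ "${status}" -ne 0 ]
        then
            ${echo} "${error} directory ${directory} cannot be created!" >&2
            exit 2
        fi
        # A chgrp failure is not fatal; chgrp reports it on stderr itself.
        # NOTE(review): mode 700 grants the group no access, so the group
        # assignment has no effect on who can read the directory -- confirm
        # that this is intended.
        chgrp dovecot "${directory}"
    fi
#.............................................................................#
    return 0
}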
#*---------------------------------------------------------------------------*#
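check_executable () {
    # Verify that command ${1} can be found, either as a path or through PATH.
    #
    # Arguments: ${1} - command name or path
    # Globals:   echo, error (read); executable (written)
    # Exits:     1 when the command cannot be found
    # Returns:   0 otherwise
    #
    # The lookup follows PATH, so the binary that later handles the private
    # key is whatever the caller's PATH resolves to; keep PATH trusted.
    executable="${1}"
#.............................................................................#
    # "command -v" is the POSIX lookup and replaces the external "which".
    if ! command -v "${executable}" > /dev/null 2>&1
    then
        ${echo} "${error} executable ${executable} could not be found!" >&2
        exit 1
    fi
#.............................................................................#
    return 0
}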
#*---------------------------------------------------------------------------*#
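check_exists () {
    # Refuse to continue when output file ${1} is already present, so that an
    # existing certificate or private key is never overwritten.
    #
    # Arguments: ${1} - path of the file about to be created
    #            ${2} - description used in the error message
    # Globals:   echo, error (read); file, description (written)
    # Exits:     6 when the path already exists
    # Returns:   0 otherwise
    file="${1}"
    description="${2}"
#.............................................................................#
    # -e is false for a dangling symbolic link, yet a later write would go
    # through such a link; -L makes the check cover that case as well.
    if [ -e "${file}" ] || [ -L "${file}" ]
    then
        if [ "${description}" = "public certificate" ]
        then
            echo
        fi
        ${echo} "${error} ${description} file ${file} already exists!" >&2
        if [ "${description}" = "public certificate" ]
        then
            # Show the file that was actually checked instead of relying on
            # a global variable set by the caller.
            show_certificate "${file}"
        fi
        exit 6
    fi
#.............................................................................#
    return 0
}
#*---------------------------------------------------------------------------*#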
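check_file () {
    # Verify that input file ${1} exists, is a regular file and is not empty.
    #
    # Arguments: ${1} - path of the file
    #            ${2} - description used in the error messages
    # Globals:   echo, error (read); file, description (written)
    # Exits:     3 when the path does not exist,
    #            4 when it is not a regular file,
    #            5 when it is empty
    # Returns:   0 otherwise
    file="${1}"
    description="${2}"
#.............................................................................#
    if [ ! -e "${file}" ]
    then
        ${echo} "${error} ${description} file ${file} does not exist!" >&2
        exit 3
    fi
    if [ ! -f "${file}" ]
    then
        ${echo} "${error} ${description} ${file} is not a file!" >&2
        exit 4
    fi
    if [ ! -s "${file}" ]
    then
        ${echo} "${error} ${description} file ${file} is empty!" >&2
        exit 5
    fi
#.............................................................................#
    return 0
}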
#*---------------------------------------------------------------------------*#
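create_certificate () {
    # Create a self-signed X509 certificate and its private key, both named
    # after the fully qualified host name, in directory ${2}.
    #
    # Arguments: ${1} - openssl configuration file
    #            ${2} - directory receiving <name>.crt and <name>.pem
    # Globals:   echo, error, OPENSSL (read); configuration, directory, name,
    #            certificate, key, previous_umask, status (written)
    # Exits:     6 (through check_exists) when an output file already exists,
    #            7 when openssl fails
    # Returns:   0 otherwise
    configuration="${1}"
    directory="${2}"
#.............................................................................#
    # Host name in lower case, with dots replaced by underscores.
    name="$(hostname -f | tr '[:upper:]' '[:lower:]' | tr '.' '_')-dovecot"
    certificate="${directory}/${name}.crt"
    check_exists "${certificate}" "public certificate"
    key="${directory}/${name}.pem"
    check_exists "${key}" "private key"
#.............................................................................#
    ${echo} "\nCreating new X509 certificate\nwith configuration\
 ${configuration}\nfor ${name} ...\n"
    # -nodes leaves the private key unencrypted on disk, so its file mode is
    # the only protection.  Tighten the umask before openssl creates the key:
    # the chmod below runs too late to close the window in which the file
    # would otherwise exist with the caller's default permissions.
    previous_umask="$(umask)"
    umask 077
    ${OPENSSL} req -new -x509 -nodes -config "${configuration}" \
        -days 365 -out "${certificate}" -keyout "${key}"
    status=${?}
    umask "${previous_umask}"
    if [ "${status}" -ne 0 ]
    then
        ${echo} "${error} ${OPENSSL} failed with exit status ${status}!" >&2
        exit 7
    fi
#.............................................................................#
    # Key: readable by its owner only.  Certificate: public, read-only.
    chmod 0400 "${key}"
    chmod 0444 "${certificate}"
#.............................................................................#
    return 0
}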
#*---------------------------------------------------------------------------*#
show_certificate () {
    # Print the validity dates, the serial number and the subject of
    # certificate ${1}, each preceded and followed by an empty line.
    #
    # Arguments: ${1} - path of the certificate
    # Globals:   OPENSSL (read); certificate (written)
    # Returns:   0, whatever the openssl exit statuses are
    certificate="${1}"
#.............................................................................#
    # The function's own positional parameters hold the fields to display.
    set -- -dates -serial -subject
    printf '\n'
    while [ "${#}" -gt 0 ]
    do
        ${OPENSSL} x509 -in "${certificate}" -noout "${1}"
        printf '\n'
        shift
    done
#.............................................................................#
    return 0
}
#*---------------------------------------------------------------------------*#
# Preconditions: the openssl command and its configuration file must be usable
# before anything is created on disk.
check_executable "${OPENSSL}"
check_file "${OPENSSL_CONF}" "openssl configuration"
# Parent before child: check_directory creates a single level (mkdir without
# -p), so the base directory has to exist before the certificates directory.
for required_directory in "${DOVECOT_DIR}" "${certificates_dir}"
do
    check_directory "${required_directory}"
done
create_certificate "${OPENSSL_CONF}" "${certificates_dir}"
#.............................................................................#
exit 0
#*****************************************************************************#