[Dovecot] improved create dovecot certificate script

Roger Oot miller at yoyo.ORG
Thu Feb 18 19:46:04 EET 2010


If anybody is interested, which they are probably not,
here is an improved and more rigorous version of mkcert.sh


#! /bin/sh

#*****************************************************************************#
#|
#|  file : /root/apps/share/sh/create_dovecot_certificate
#|
#*---------------------------------------------------------------------------*#

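# ASCII BEL, expanded by the message helper below to make errors audible.
BELL="\007"

# Dovecot state directory; the certificates subdirectory is created under it.
# All three settings can be overridden from the environment.
DOVECOT_DIR="${DOVECOT_DIR-/var/lib/dovecot}"

# openssl binary to run.  Only its presence is verified (check_executable),
# so whoever controls the environment controls which binary is used.
OPENSSL="${OPENSSL-openssl}"

# Request configuration handed to "openssl req -config".  The openssl binary
# also honours an exported OPENSSL_CONF on its own, so the same file applies
# either way.
OPENSSL_CONF="${OPENSSL_CONF-/etc/dovecot/dovecot-openssl.cnf}"

#.............................................................................#

certificates_dir="${DOVECOT_DIR}/certificates"

# Command prefix for messages containing backslash escapes.  It is expanded
# unquoted on purpose so it splits into "printf" and its format.  printf's
# %b interprets escapes in its argument the way "echo -e" does, but unlike
# "/bin/echo -e" it is POSIX and behaves identically under every /bin/sh
# (BSD echo prints "-e" literally).  Every caller passes exactly one
# argument, which is printed followed by a newline.
echo='printf %b\n'

# Prefix of every diagnostic; the "%" is literal because the text is always
# passed as a printf argument, never as its format.
error="${BELL}%ERROR -"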

#*---------------------------------------------------------------------------*#

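#######################################
# Make sure a directory exists, creating it with mode 700 if needed.
# Arguments: $1 - directory path
# Globals:   echo, error, BELL (read)
# Outputs:   diagnostics on stderr
# Exits:     2 when the path exists but is not a directory, or cannot be created
#######################################
check_directory ()
{

 directory="${1}"
 warning="${BELL}%WARNING -"

#.............................................................................#

 # Something is already at this path: it must be a directory.  Testing only
 # "! -d" (as before) let a regular file fall through to mkdir, which then
 # reported the misleading "cannot be created".
 if [ -e "${directory}" ] && [ ! -d "${directory}" ]
 then
      ${echo} "${error} ${directory}  exists but is not a directory!" >&2
      exit 2
 fi

 if [ ! -d "${directory}" ]
 then

      # -m applies the mode at creation time, so the directory is never
      # visible to others with looser permissions.
      mkdir -m 700 "${directory}" 2> /dev/null
      status=${?}

      if [ ${status} -ne 0 ]
      then
           ${echo} "${error} directory  ${directory}  cannot be created!" >&2
           exit 2
      fi

      # Group ownership stays best effort as before (the group may not exist
      # on the host running this), but a failure is now reported.
      chgrp dovecot "${directory}" || \
      ${echo} "${warning} group  dovecot  could not be set on  ${directory}" >&2

 fi

 # A pre-existing directory is used as is.  The private key is written into
 # it later, so say so when anybody else can write here.  -prune stops find
 # from descending; the path itself is printed only when the bit is set.
 if [ -n "`find "${directory}" -prune -perm -o+w 2> /dev/null`" ]
 then
      ${echo} "${warning} directory  ${directory}  is world-writable!" >&2
 fi

#.............................................................................#

 return 0

}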

#*---------------------------------------------------------------------------*#

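#######################################
# Verify that a program can be found and is executable.
# Arguments: $1 - program name or path
# Globals:   echo, error (read)
# Outputs:   diagnostic on stderr
# Exits:     1 when the program cannot be resolved or is not executable
#######################################
check_executable ()
{

 executable="${1}"

#.............................................................................#

 # "command -v" is the POSIX way to resolve a name; "which" is not
 # standardised, differs between systems, and was given the name unquoted.
 # A name containing a slash is returned as given, so an explicit path to a
 # particular openssl build works too.
 executable_path="`command -v "${executable}" 2> /dev/null`"

 if [ -z "${executable_path}" ] || [ ! -x "${executable_path}" ]
 then
      ${echo} "${error} executable  ${executable}  could not be found!" >&2
      exit 1
 fi

#.............................................................................#

 return 0

}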

#*---------------------------------------------------------------------------*#

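#######################################
# Refuse to overwrite an existing certificate or key file.
# Arguments: $1 - path that must not exist yet
#            $2 - description used in messages; "public certificate"
#                 additionally prints the existing certificate's details
# Globals:   echo, error (read)
# Outputs:   diagnostic on stderr, certificate details on stdout
# Exits:     6 when something is already at the path
#######################################
check_exists ()
{

 file="${1}"
 description="${2}"

#.............................................................................#

 # -e follows symlinks, so a dangling symlink at this path passed the old
 # test and openssl would then have written the new file through it to
 # wherever it points.  -L catches that case as well.
 if [ -e "${file}" ] || [ -L "${file}" ]
 then

      test "${description}" = "public certificate" && echo

      ${echo} \
      "${error} ${description} file  ${file}  already exists!" >&2

      # Show the file actually tested rather than the caller's global
      # "certificate", and only when there is a real file to read.
      test "${description}" = "public certificate" && [ -f "${file}" ] && \
      show_certificate "${file}"

      exit 6

 fi

#.............................................................................#

 return 0

}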
#*---------------------------------------------------------------------------*#

#######################################
# Require a path to be an existing, regular, non-empty file.
# Arguments: $1 - path to check
#            $2 - description used in messages
# Globals:   echo, error (read)
# Outputs:   diagnostic on stderr
# Exits:     3 missing, 4 not a regular file, 5 empty
#######################################
check_file ()
{
  file="${1}"
  description="${2}"

  # Graded checks, each with its own exit status so the caller can tell
  # "missing" from "not a file" from "empty".
  if [ ! -e "${file}" ]; then
    ${echo} "${error} ${description} file  ${file}  does not exist!" >&2
    exit 3
  elif [ ! -f "${file}" ]; then
    ${echo} "${error} ${description}  ${file}  is not a file!" >&2
    exit 4
  elif [ ! -s "${file}" ]; then
    ${echo} "${error} ${description} file  ${file}  is empty!" >&2
    exit 5
  fi

  return 0
}

#*---------------------------------------------------------------------------*#

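#######################################
# Create a self-signed X509 certificate and its private key.
# Arguments: $1 - openssl request configuration file
#            $2 - directory to write <fqdn>-dovecot.crt / .pem into
#            $3 - validity in days (optional, default 365)
# Globals:   OPENSSL, echo, error (read); certificate, key, name (written)
# Outputs:   progress on stdout, diagnostics on stderr
# Exits:     6 via check_exists, 7 openssl failed, 8 bad day count,
#            9 host name unavailable, 10 permissions could not be set
#######################################
create_certificate ()
{

 configuration="${1}"
 directory="${2}"
 days="${3-365}"

#.............................................................................#

 # The day count goes straight onto the openssl command line; accept digits only.
 case "${days}" in
      ''|*[!0-9]*)
           ${echo} "${error} validity  ${days}  is not a number of days!" >&2
           exit 8
           ;;
 esac

 # File names derive from the lower-cased FQDN with dots as underscores.
 # Stop instead of silently producing "-dovecot" when no name is available.
 host="`hostname -f 2> /dev/null | tr '[A-Z]' '[a-z]' | tr '.' '_'`"

 if [ -z "${host}" ]
 then
      ${echo} "${error} fully qualified host name could not be determined!" >&2
      exit 9
 fi

 name="${host}-dovecot"

 certificate="${directory}/${name}.crt"
 check_exists "${certificate}" "public certificate"

 key="${directory}/${name}.pem"
 check_exists "${key}" "private key"

#.............................................................................#

 ${echo} "\nCreating new X509 certificate\n\
with configuration  ${configuration}\nfor  ${name} ...\n"

 # -nodes writes the key unencrypted so the daemon can start unattended,
 # which is why its permissions matter.  openssl creates the file with the
 # process umask; relying on the chmod below (as before) left the key
 # readable by others for a moment.  Restrict the umask first so it never is.
 umask 077

 ${OPENSSL} req -new -x509 -nodes -config "${configuration}" \
                -days "${days}" -out "${certificate}" -keyout "${key}"
 status=${?}

 if [ ${status} -ne 0 ]
 then
      ${echo} "${error} ${OPENSSL} failed with exit status  ${status}!" >&2
      exit 7
 fi

#.............................................................................#

 # Key read-only for the owner, certificate readable by all.
 chmod 0400 "${key}" && chmod 0444 "${certificate}"
 status=${?}

 if [ ${status} -ne 0 ]
 then
      ${echo} "${error} permissions on  ${key}  or  ${certificate}  could not be set!" >&2
      exit 10
 fi

#.............................................................................#

 return 0

}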

#*---------------------------------------------------------------------------*#

#######################################
# Print validity dates, serial number and subject of a certificate.
# Arguments: $1 - certificate file
# Globals:   OPENSSL (read)
# Outputs:   one block per field on stdout, separated by blank lines
# Returns:   0
#######################################
show_certificate ()
{
  certificate="${1}"

  # Each field is a separate openssl invocation, preceded by a blank line;
  # a final blank line closes the listing.
  for field in -dates -serial -subject; do
    echo
    ${OPENSSL} x509 -in "${certificate}" -noout "${field}"
  done
  echo

  return 0
}

#*---------------------------------------------------------------------------*#

#######################################
# Entry point: validate tooling and locations, then create the certificate.
# Globals:   OPENSSL, OPENSSL_CONF, DOVECOT_DIR, certificates_dir (read)
# Exits:     0 on success; each check exits with its own status on failure
#######################################
main ()
{
  check_executable "${OPENSSL}"
  check_file "${OPENSSL_CONF}" "openssl configuration"

  # Both the state directory and the certificate directory get the same
  # treatment: created 0700 if missing.
  check_directory "${DOVECOT_DIR}"
  check_directory "${certificates_dir}"

  create_certificate "${OPENSSL_CONF}" "${certificates_dir}"

  exit 0
}

main "$@"

#*****************************************************************************#


