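#!/bin/sh
#
# Set up a private CA for sendmail STARTTLS and issue one certificate
# for the local MTA, signed by that CA.  The directory layout is the
# one /etc/ssl/openssl.cnf expects under ./demoCA, relocated to CADIR.
# At the end the sendmail.mc lines that reference the generated files
# are printed to stdout.
#
# Environment:
#   CADIR     CA directory; defaults to ${DESTDIR}/etc/mail/certs/CA
#   DESTDIR   staging prefix used by the CADIR default (may be unset)
#   FILESDIR  port files directory; read here but not used below
#
# Every step is skipped when its output already exists, so an
# interrupted run can be resumed by running the script again.  The
# openssl commands prompt interactively for the CA passphrase and the
# certificate subject fields.
#
# Exit status: 65 if CADIR cannot be entered, 1 if an openssl or sed
# step fails, otherwise the status of the final command.

CADIR="${CADIR-${DESTDIR}/etc/mail/certs/CA}"
# Spelled FILSEDIR in the original; nothing in this script reads it.
FILESDIR="${FILESDIR-/usr/ports/mail/sendmail/files}"
REALM=$(hostname)

# Report a failed step on stderr and stop.  Later steps consume the
# files earlier ones write, so carrying on after a failure would only
# leave half-made material behind (the original did exactly that).
die() {
  echo "$*" >&2
  exit 1
}

echo "creating: ${CADIR} on ${REALM}"

# Directory layout used by 'openssl ca' (certs, crl, newcerts, private)
# plus ../private, where the sendmail key itself is kept.
for i in certs crl newcerts private ../private; do
  mkdir -p "${CADIR}/${i}" || die "cannot create ${CADIR}/${i}"
done
# Private keys live in these two; nobody but the owner may even list them.
chmod 0700 "${CADIR}/private" "${CADIR}/../private"
cd "${CADIR}" || exit 65

# Per-CA copy of the system openssl.cnf with the CA home relocated.
# The sed expression uses '=' as its delimiter, so CADIR must not
# contain '=' (nor '&', which sed treats specially in the replacement).
# Written via a temp file so a failed sed does not leave a truncated
# openssl.cnf that a re-run would then accept as finished.
if [ ! -f openssl.cnf ]; then
  echo "generating: openssl.cnf"
  if ! sed -e "s=./demoCA=${CADIR}=" /etc/ssl/openssl.cnf > openssl.cnf.tmp; then
    rm -f openssl.cnf.tmp
    die "cannot generate openssl.cnf"
  fi
  mv openssl.cnf.tmp openssl.cnf || die "cannot install openssl.cnf"
fi

# 'openssl ca' bookkeeping: next serial number and the issued-cert index.
if [ ! -f serial ]; then
  echo "generating: serial"
  umask 0022
  echo "01" > serial
fi

if [ ! -f index.txt ]; then
  echo "generating: index.txt"
  umask 0022
  : > index.txt
fi

# CA key and self-signed CA certificate.  No -nodes here: the CA key
# is passphrase-protected, and 'openssl ca' below prompts for that
# passphrase again.  umask 0077 keeps both files owner-only.
if [ ! -f cacert.pem ]; then
  echo "generating CA"
  umask 0077
  openssl req -new -x509 -config openssl.cnf \
    -keyout private/cakey.pem \
    -out cacert.pem || die "CA generation failed"
fi

# Sendmail's own certificate, issued by the CA above, in three steps:
#   1. key + temporary self-signed cert in ../private/sendmailkey.pem
#   2. that cert converted into a CSR (newcsr.pem)
#   3. the CSR signed by the CA into ../sendmailcert.pem
# The progress messages in the original described steps 1 and 2 as
# "creating cert signing request" / "self signing cert", i.e. the
# wrong way round; they now name what each command actually does.
if [ ! -f ../sendmailcert.pem ]; then
  if [ ! -f ../private/sendmailkey.pem ]; then
    echo "creating sendmail key and temporary self-signed cert"
    # -nodes: the daemon must open the key unattended, so it is stored
    # unencrypted; umask 0066 makes the file owner-only (0600).
    # -keyout and -out name the same file: openssl req appends the
    # certificate after the key in that case, so this one file
    # carries both and is what -x509toreq reads below.
    umask 0066
    openssl req -nodes -new -x509 -config openssl.cnf \
      -keyout ../private/sendmailkey.pem \
      -out ../private/sendmailkey.pem || die "sendmail key generation failed"
  fi
  if [ ! -f newcsr.pem ]; then
    echo "creating cert signing request from sendmail key"
    umask 0066
    openssl x509 -x509toreq \
      -in ../private/sendmailkey.pem \
      -signkey ../private/sendmailkey.pem \
      -out newcsr.pem || die "CSR generation failed"
  fi
  # The original tested ./sendmailcert.pem here -- a file inside the
  # CA directory that nothing writes -- before signing.  The guard
  # above already ensures ../sendmailcert.pem is absent, so sign
  # directly.  The umask left by the previous step is kept (0066 on
  # a full run), so the issued cert and the 'openssl ca' bookkeeping
  # files come out owner-only, as before.
  echo "signing cert with CA"
  openssl ca -config openssl.cnf -policy policy_anything \
    -out ../sendmailcert.pem \
    -infiles newcsr.pem || die "CA signing failed"
  # Discard the CSR only once it has actually been signed.
  rm -f newcsr.pem
fi

# Print the sendmail.mc settings that point at the files created above.
# shar-style: the leading 'X' protecting each line is stripped.
sed 's/^X//' << 'END-of-files/tls.m4'
X# links:
X# http://www.sendmail.org/~gshapiro/
X# http://www.sendmail.org/~ca/email/starttls.html
X# http://www.ofb.net/~jheiss/sendmail/tlsandrelay.shtml
X#
X# You may need to add this to your sendmail.mc file:
X
Xdefine(`confCACERT_PATH', `MAIL_SETTINGS_DIR`'certs')dnl
Xdefine(`confCACERT', `confCACERT_PATH/CA/cacert.pem')dnl
Xdefine(`confSERVER_CERT', `confCACERT_PATH/sendmailcert.pem')dnl
Xdefine(`confSERVER_KEY', `confCACERT_PATH/private/sendmailkey.pem')dnl
Xdefine(`confCLIENT_CERT', `confCACERT_PATH/sendmailcert.pem')dnl
Xdefine(`confCLIENT_KEY', `confCACERT_PATH/private/sendmailkey.pem')dnl
X
END-of-files/tls.m4
exit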