| 1 |
#!/bin/sh |
| 2 |
# |
| 3 |
CADIR="${CADIR-${DESTDIR}/etc/mail/certs/CA}" |
| 4 |
FILSEDIR="${FILESDIR-/usr/ports/mail/sendmail/files}" |
| 5 |
REALM=`hostname` |
| 6 |
|
| 7 |
echo "creating: ${CADIR} on ${REALM}" |
| 8 |
for i in certs crl newcerts private ../private |
| 9 |
do |
| 10 |
if test ! -d "${CADIR}/${i}" |
| 11 |
then |
| 12 |
mkdir -p "${CADIR}/${i}" |
| 13 |
fi |
| 14 |
done |
| 15 |
chmod 0700 "${CADIR}/private" "${CADIR}/../private" |
| 16 |
cd "${CADIR}" || exit 65 |
| 17 |
|
| 18 |
if test ! -f openssl.cnf |
| 19 |
then |
| 20 |
echo "generating: openssl.cnf" |
| 21 |
sed -e "s=./demoCA=${CADIR}=" /etc/ssl/openssl.cnf > "openssl.cnf" |
| 22 |
fi |
| 23 |
|
| 24 |
if test ! -f "serial" |
| 25 |
then |
| 26 |
echo "generating: serial" |
| 27 |
umask 0022 |
| 28 |
echo "01" > "serial" |
| 29 |
fi |
| 30 |
|
| 31 |
if test ! -f "index.txt" |
| 32 |
then |
| 33 |
echo "generating: index.txt" |
| 34 |
umask 0022 |
| 35 |
cp /dev/null "index.txt" |
| 36 |
fi |
| 37 |
|
| 38 |
if test ! -f "cacert.pem" |
| 39 |
then |
| 40 |
echo "generating CA" |
| 41 |
umask 0077 |
| 42 |
openssl req -new -x509 -config openssl.cnf \ |
| 43 |
-keyout private/cakey.pem \ |
| 44 |
-out cacert.pem |
| 45 |
fi |
| 46 |
|
| 47 |
if test ! -f "../sendmailcert.pem" |
| 48 |
then |
| 49 |
if test ! -f "../private/sendmailkey.pem" |
| 50 |
then |
| 51 |
echo "creating cert signing request" |
| 52 |
umask 0066 |
| 53 |
openssl req -nodes -new -x509 -config openssl.cnf \ |
| 54 |
-keyout ../private/sendmailkey.pem \ |
| 55 |
-out ../private/sendmailkey.pem |
| 56 |
fi |
| 57 |
if test ! -f "newcsr.pem" |
| 58 |
then |
| 59 |
echo "self signing cert" |
| 60 |
umask 0066 |
| 61 |
openssl x509 -x509toreq \ |
| 62 |
-in ../private/sendmailkey.pem \ |
| 63 |
-signkey ../private/sendmailkey.pem \ |
| 64 |
-out newcsr.pem |
| 65 |
fi |
| 66 |
if test ! -f "sendmailcert.pem" |
| 67 |
then |
| 68 |
echo "signing cert" |
| 69 |
openssl ca -config openssl.cnf -policy policy_anything \ |
| 70 |
-out ../sendmailcert.pem \ |
| 71 |
-infiles newcsr.pem |
| 72 |
rm -f newcsr.pem |
| 73 |
fi |
| 74 |
fi |
| 75 |
|
| 76 |
sed 's/^X//' << 'END-of-files/tls.m4' |
| 77 |
X# links: |
| 78 |
X# http://www.sendmail.org/~gshapiro/ |
| 79 |
X# http://www.sendmail.org/~ca/email/starttls.html |
| 80 |
X# http://www.ofb.net/~jheiss/sendmail/tlsandrelay.shtml |
| 81 |
X# |
| 82 |
X# You may need to add this to your sendmail.mc file: |
| 83 |
X |
| 84 |
Xdefine(`confCACERT_PATH', `MAIL_SETTINGS_DIR`'certs')dnl |
| 85 |
Xdefine(`confCACERT', `confCACERT_PATH/CA/cacert.pem')dnl |
| 86 |
Xdefine(`confSERVER_CERT', `confCACERT_PATH/sendmailcert.pem')dnl |
| 87 |
Xdefine(`confSERVER_KEY', `confCACERT_PATH/private/sendmailkey.pem')dnl |
| 88 |
Xdefine(`confCLIENT_CERT', `confCACERT_PATH/sendmailcert.pem')dnl |
| 89 |
Xdefine(`confCLIENT_KEY', `confCACERT_PATH/private/sendmailkey.pem')dnl |
| 90 |
X |
| 91 |
END-of-files/tls.m4 |
| 92 |
exit |
