dovecot ca name alteration

This commit is contained in:
Bob Mottram 2015-06-19 22:08:28 +01:00
parent ffb97e50ea
commit c1afe00074
2 changed files with 21 additions and 12 deletions

View File

@ -5683,12 +5683,12 @@ function configure_imap_client_certs {
echo '}' >> /etc/dovecot/conf.d/10-auth.conf
fi
# make a CA cert
if [ ! -f /etc/ssl/private/dovecot-ca.key ]; then
freedombone-addcert -h dovecot-ca --ca
if [ ! -f /etc/ssl/private/ca-$DEFAULT_DOMAIN_NAME.key ]; then
freedombone-addcert -h $DEFAULT_DOMAIN_NAME --ca
fi
# CA configuration
echo '[ ca ]' > /etc/ssl/dovecot-ca.cnf
echo 'default_ca = dovecot-ca' >> /etc/ssl/dovecot-ca.cnf
echo "default_ca = dovecot-ca" >> /etc/ssl/dovecot-ca.cnf
echo '' >> /etc/ssl/dovecot-ca.cnf
echo '[ crl_ext ]' >> /etc/ssl/dovecot-ca.cnf
echo 'authorityKeyIdentifier=keyid:always' >> /etc/ssl/dovecot-ca.cnf
@ -5696,9 +5696,9 @@ function configure_imap_client_certs {
echo '[ dovecot-ca ]' >> /etc/ssl/dovecot-ca.cnf
echo 'new_certs_dir = .' >> /etc/ssl/dovecot-ca.cnf
echo 'unique_subject = no' >> /etc/ssl/dovecot-ca.cnf
echo 'certificate = /etc/ssl/certs/dovecot-ca.crt' >> /etc/ssl/dovecot-ca.cnf
echo "certificate = /etc/ssl/certs/ca-$DEFAULT_DOMAIN_NAME.crt" >> /etc/ssl/dovecot-ca.cnf
echo 'database = ssldb' >> /etc/ssl/dovecot-ca.cnf
echo 'private_key = /etc/ssl/private/dovecot-ca.key' >> /etc/ssl/dovecot-ca.cnf
echo "private_key = /etc/ssl/private/ca-$DEFAULT_DOMAIN_NAME.key" >> /etc/ssl/dovecot-ca.cnf
echo 'serial = sslserial' >> /etc/ssl/dovecot-ca.cnf
echo 'default_days = 3650' >> /etc/ssl/dovecot-ca.cnf
echo 'default_md = sha256' >> /etc/ssl/dovecot-ca.cnf

View File

@ -91,6 +91,7 @@ case $key in
;;
--ca)
EXTENSIONS="-extensions v3_ca"
ORGANISATION="Freedombone-CA"
;;
--nodh)
NODH="true"
@ -112,13 +113,21 @@ if ! which openssl > /dev/null ;then
exit 5689
fi
openssl req -x509 $EXTENSIONS -nodes -days 3650 -sha256 -subj "/O=$ORGANISATION/OU=$UNIT/C=$COUNTRY_CODE/ST=$AREA/L=$LOCATION/CN=$HOSTNAME" -newkey rsa:4096 -keyout /etc/ssl/private/$HOSTNAME.key -out /etc/ssl/certs/$HOSTNAME.crt
if [ ! $NODH ]; then
openssl dhparam -check -text -5 1024 -out /etc/ssl/certs/$HOSTNAME.dhparam
CERTFILE=$HOSTNAME
if [[ $EXTENSIONS != "" ]]; then
CERTFILE="ca-$HOSTNAME"
fi
chmod 400 /etc/ssl/private/$HOSTNAME.key
chmod 640 /etc/ssl/certs/$HOSTNAME.crt
chmod 640 /etc/ssl/certs/$HOSTNAME.dhparam
openssl req -x509 $EXTENSIONS -nodes -days 3650 -sha256 \
-subj "/O=$ORGANISATION/OU=$UNIT/C=$COUNTRY_CODE/ST=$AREA/L=$LOCATION/CN=$HOSTNAME" \
-newkey rsa:4096 -keyout /etc/ssl/private/$CERTFILE.key \
-out /etc/ssl/certs/$HOSTNAME.crt
if [ ! $NODH ]; then
openssl dhparam -check -text -5 1024 -out /etc/ssl/certs/$CERTFILE.dhparam
fi
chmod 400 /etc/ssl/private/$CERTFILE.key
chmod 640 /etc/ssl/certs/$CERTFILE.crt
chmod 640 /etc/ssl/certs/$CERTFILE.dhparam
if [ -f /etc/init.d/nginx ]; then
/etc/init.d/nginx reload
@ -129,7 +138,7 @@ fi
if [ ! -d /etc/ssl/mycerts ]; then
mkdir /etc/ssl/mycerts
fi
cp /etc/ssl/certs/$HOSTNAME.crt /etc/ssl/mycerts
cp /etc/ssl/certs/$CERTFILE.crt /etc/ssl/mycerts
# Create a bundle of your certificates
cat /etc/ssl/mycerts/*.crt > /etc/ssl/freedombone-bundle.crt