Beginning of imap client certs
parent
43c64a3fba
commit
d971f4f75f
|
@ -5653,6 +5653,25 @@ function configure_imap {
|
|||
sed -i 's/#disable_plaintext_auth =.*/disable_plaintext_auth = no/g' /etc/dovecot/conf.d/10-auth.conf
|
||||
sed -i 's/auth_mechanisms =.*/auth_mechanisms = plain login/g' /etc/dovecot/conf.d/10-auth.conf
|
||||
sed -i 's|mail_location =.*|mail_location = maildir:~/Maildir:LAYOUT=fs|g' /etc/dovecot/conf.d/10-mail.conf
|
||||
|
||||
# enable login via client certs
|
||||
# http://strange.systems/certificate-based-auth-with-dovecot-sendmail/
|
||||
#sed -i 's|#auth_ssl_require_client_cert =.*|auth_ssl_require_client_cert = yes|g' /etc/dovecot/conf.d/10-auth.conf
|
||||
#sed -i 's|#auth_ssl_username_from_cert =.*|auth_ssl_username_from_cert = yes|g' /etc/dovecot/conf.d/10-auth.conf
|
||||
#sed -i 's|#ssl_ca =.*|ssl_ca = /etc/ssl/certs/dovecot-ca.pem|g' /etc/dovecot/conf.d/10-ssl.conf
|
||||
#sed -i 's|#ssl_cert_username_field =.*|ssl_cert_username_field = commonName|g' /etc/dovecot/conf.d/10-ssl.conf
|
||||
#if ! grep -q "passdb {" /etc/dovecot/conf.d/10-auth.conf; then
|
||||
#echo '' >> /etc/dovecot/conf.d/10-auth.conf
|
||||
#echo 'passdb {' >> /etc/dovecot/conf.d/10-auth.conf
|
||||
#echo ' driver = passwd-file' >> /etc/dovecot/conf.d/10-auth.conf
|
||||
#echo ' args = /etc/dovecot/passwd-file' >> /etc/dovecot/conf.d/10-auth.conf
|
||||
#echo ' deny = no' >> /etc/dovecot/conf.d/10-auth.conf
|
||||
#echo ' master = no' >> /etc/dovecot/conf.d/10-auth.conf
|
||||
#echo ' pass = no' >> /etc/dovecot/conf.d/10-auth.conf
|
||||
#echo '}' >> /etc/dovecot/conf.d/10-auth.conf
|
||||
#fi
|
||||
#echo "$MY_USERNAME:{plain}::::::nopassword" > /etc/dovecot/passwd-file
|
||||
#freedombone-addcert -h dovecot-ca --ca
|
||||
service dovecot restart
|
||||
echo 'configure_imap' >> $COMPLETION_FILE
|
||||
}
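Review bot: The CA path set by the commented-out `#sed -i 's|#ssl_ca =.*|ssl_ca = /etc/ssl/certs/dovecot-ca.pem|g' /etc/dovecot/conf.d/10-ssl.conf` does not match what `#freedombone-addcert -h dovecot-ca --ca` would produce: the addcert script in this same commit writes the certificate to `/etc/ssl/certs/$HOSTNAME.crt`, so, assuming `-h` sets HOSTNAME, the file would be `dovecot-ca.crt` and client-certificate verification would fail as soon as these lines are enabled; use `ssl_ca = /etc/ssl/certs/dovecot-ca.crt` or a matching `-out` path. Worth settling before the block is uncommented: `$MY_USERNAME:{plain}::::::nopassword` creates a password-less passdb, while the context lines above keep `disable_plaintext_auth = no` with `plain login` mechanisms, so a non-TLS session carries no client certificate for `auth_ssl_require_client_cert` to check — confirm Dovecot rejects such logins, or pair this with `ssl = required` in 10-ssl.conf so only certificate-authenticated sessions reach that passdb. Everything added here is commented out, so nothing is active yet, and configure_imap begins before this hunk.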
|
||||
|
|
|
@ -34,6 +34,7 @@ AREA="Free Speech Zone"
|
|||
LOCATION="Freedomville"
|
||||
ORGANISATION="Freedombone"
|
||||
UNIT="Freedombone Unit"
|
||||
EXTENSIONS=""
|
||||
|
||||
function show_help {
|
||||
echo ''
|
||||
|
@ -49,6 +50,7 @@ function show_help {
|
|||
echo ' -l --location [locn] Optional location name'
|
||||
echo ' -o --organisation [name] Optional organisation name'
|
||||
echo ' -u --unit [name] Optional unit name'
|
||||
echo ' --ca Certificate authority cert'
|
||||
echo ''
|
||||
exit 0
|
||||
}
|
||||
|
@ -85,6 +87,9 @@ case $key in
|
|||
shift
|
||||
UNIT="$1"
|
||||
;;
|
||||
--ca)
|
||||
EXTENSIONS="-extensions v3_ca"
|
||||
;;
|
||||
*)
|
||||
# unknown option
|
||||
;;
|
||||
|
@ -102,7 +107,7 @@ if ! which openssl > /dev/null ;then
|
|||
exit 5689
|
||||
fi
|
||||
|
||||
openssl req -x509 -nodes -days 3650 -sha256 -subj "/O=$ORGANISATION/OU=$UNIT/C=$COUNTRY_CODE/ST=$AREA/L=$LOCATION/CN=$HOSTNAME" -newkey rsa:4096 -keyout /etc/ssl/private/$HOSTNAME.key -out /etc/ssl/certs/$HOSTNAME.crt
|
||||
openssl req -x509 $EXTENSIONS -nodes -days 3650 -sha256 -subj "/O=$ORGANISATION/OU=$UNIT/C=$COUNTRY_CODE/ST=$AREA/L=$LOCATION/CN=$HOSTNAME" -newkey rsa:4096 -keyout /etc/ssl/private/$HOSTNAME.key -out /etc/ssl/certs/$HOSTNAME.crt
|
||||
openssl dhparam -check -text -5 1024 -out /etc/ssl/certs/$HOSTNAME.dhparam
|
||||
chmod 400 /etc/ssl/private/$HOSTNAME.key
|
||||
chmod 640 /etc/ssl/certs/$HOSTNAME.crt
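Review bot: The new `--ca` option is carried as a string, `EXTENSIONS="-extensions v3_ca"`, and the `openssl req -x509 $EXTENSIONS ...` line depends on unquoted word-splitting to turn it into two arguments; that only works because neither word contains whitespace and ShellCheck flags it (SC2086). An array makes the intent explicit: `EXTENSIONS=()` where the variable is initialised, `EXTENSIONS=(-extensions v3_ca)` in the `--ca)` arm, and `openssl req -x509 "${EXTENSIONS[@]}" ...` at the call site (if the script ever runs under `set -u` on bash older than 4.4, an empty array expansion errors, so check the shell options in force). With `--ca` the key and certificate still go to `/etc/ssl/private/$HOSTNAME.key` and `/etc/ssl/certs/$HOSTNAME.crt`, so if `-h` is omitted the new CA overwrites the host's own server key and certificate; consider refusing `--ca` without an explicit hostname, and the `v3_ca` section is taken from the system openssl.cnf, which is presumably CA:TRUE but should be confirmed. The dhparam generation that follows is not needed for a CA certificate and could be skipped in that branch.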
|
||||
|
|