Diffstat (limited to 'mail/sendmail/files/tls-install.sh')
-rw-r--r--mail/sendmail/files/tls-install.sh87
1 files changed, 87 insertions, 0 deletions
diff --git a/mail/sendmail/files/tls-install.sh b/mail/sendmail/files/tls-install.sh
new file mode 100644
index 000000000000..1157bab95c54
--- /dev/null
+++ b/mail/sendmail/files/tls-install.sh
@@ -0,0 +1,87 @@
+#!/bin/sh
+#
+CADIR="${CADIR-${DESTDIR}/etc/mail/certs}"
+FILSEDIR="${FILESDIR-/usr/ports/mail/sendmail/files}"
+REALM=`hostname`
+
+echo "creating: ${CADIR} on ${REALM}"
+for i in certs crl newcerts private
+do
+ if test ! -d "${CADIR}/${i}"
+ then
+ mkdir -p "${CADIR}/${i}"
+ fi
+done
+chmod 0600 "${CADIR}/private"
+cd "${CADIR}" || exit 65
+
+if test ! -f openssl.cnf
+then
+ echo "generating: openssl.cnf"
+ sed -e "s=./demoCA=${CADIR}=" /etc/ssl/openssl.cnf > "openssl.cnf"
+fi
+
+if test ! -f "serial"
+then
+ echo "generating: serial"
+ echo "01" > "serial"
+fi
+
+if test ! -f "index.txt"
+then
+ echo "generating: index.txt"
+ cp /dev/null "index.txt"
+fi
+
+if test ! -f "cacert.pem"
+then
+ echo "generating CA"
+ openssl req -new -x509 -config openssl.cnf \
+ -keyout private/cakey.pem \
+ -out cacert.pem
+ chmod 0600 "private/cakey.pem"
+fi
+
+if test ! -f "sendmailcert.pem"
+then
+ if test ! -f "private/sendmailkey.pem"
+ then
+ echo "generating server CERT"
+ umask 0066
+ openssl req -nodes -new -x509 -config openssl.cnf \
+ -keyout private/sendmailkey.pem \
+ -out private/sendmailkey.pem
+ fi
+ if test ! -f "newcsr.pem"
+ then
+ echo "signing CERT1"
+ openssl x509 -x509toreq \
+ -in private/sendmailkey.pem \
+ -signkey private/sendmailkey.pem \
+ -out newcsr.pem
+ fi
+ if test ! -f "sendmailcert.pem"
+ then
+ echo "signing CERT2"
+ openssl ca -config openssl.cnf -policy policy_anything \
+ -out sendmailcert.pem \
+ -infiles newcsr.pem
+ rm -f newcsr.pem
+ fi
+fi
+
+sed 's/^X//' << 'END-of-files/tls.m4'
+X# links:
+X# http://www.sendmail.org/~ca/email/starttls.html
+X# http://www.ofb.net/~jheiss/sendmail/tlsandrelay.shtml
+X#
+X# You may need to add this to your sendmail.mc file:
+X
+Xdefine(`CERT_DIR', `MAIL_SETTINGS_DIR`'certs')dnl
+Xdefine(`confCACERT_PATH', `CERT_DIR')dnl
+Xdefine(`confCACERT', `CERT_DIR/cacert.pem')dnl
+Xdefine(`confSERVER_CERT', `CERT_DIR/sendmailcert.pem')dnl
+Xdefine(`confSERVER_KEY', `CERT_DIR/private/sendmailkey.pem')dnl
+X
+END-of-files/tls.m4
+exit
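Review bot: The CA private key at `-keyout private/cakey.pem` is written under whatever umask the caller has and is only tightened by the `chmod 0600` that follows, while `umask 0066` is set only just before the server key is generated; a single `umask 077` at the top of the script, before the `mkdir -p` loop, would cover both keys from the moment they are created. `chmod 0600 "${CADIR}/private"` applies a file mode to a directory and leaves it without the search bit; `chmod 0700 "${CADIR}/private"` is the usual mode for a key directory. None of the `openssl` calls is checked, so a failed `openssl ca` still runs `rm -f newcsr.pem` and may leave a partial `sendmailcert.pem` that makes later runs skip signing; adding `|| exit 1` after each call, and removing the partial output on failure, would keep the script safely re-runnable. `FILSEDIR` in the second assignment looks like a typo for `FILESDIR`, and the variable is not used anywhere in the script.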