DoveCotZertifikat
Zertifikat für Dovecot
/usr/share/dovecot/mkcert.sh
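#!/bin/sh
# Generates a self-signed certificate and an unencrypted private key for
# Dovecot.
# Edit dovecot-openssl.cnf before running this: the @commonName@ and
# @emailAddress@ placeholders in it must be replaced with real values.
#
# Environment:
#   OPENSSL        openssl binary to run (default: openssl)
#   OPENSSLCONFIG  request configuration file (default: dovecot-openssl.cnf,
#                  looked up relative to the current directory)
#
# Exit status:
#   0  certificate and key were written
#   1  a target directory is missing or a target file already exists
#   2  creating the key file or an openssl invocation failed

OPENSSL=${OPENSSL-openssl}
OPENSSLCONFIG=${OPENSSLCONFIG-dovecot-openssl.cnf}

# Lifetime of the generated certificate, in days.
VALID_DAYS=1000

CERTDIR=/etc/dovecot
KEYDIR=/etc/dovecot/private
CERTFILE=$CERTDIR/dovecot.pem
KEYFILE=$KEYDIR/dovecot.pem

# Report the directory that was actually tested, and send diagnostics to
# stderr so they are not mixed into the subject/fingerprint output.
if [ ! -d "$CERTDIR" ]; then
  echo "$CERTDIR directory doesn't exist" >&2
  exit 1
fi
if [ ! -d "$KEYDIR" ]; then
  echo "$KEYDIR directory doesn't exist" >&2
  exit 1
fi

# Never replace existing key material silently.
if [ -f "$CERTFILE" ]; then
  echo "$CERTFILE already exists, won't overwrite" >&2
  exit 1
fi
if [ -f "$KEYFILE" ]; then
  echo "$KEYFILE already exists, won't overwrite" >&2
  exit 1
fi

# Create the key file empty and owner-only *before* openssl writes the
# unencrypted key (-nodes) into it, so the key is not readable by other
# users at any point, whatever the caller's umask is. noclobber (set -C)
# makes the creation fail instead of writing into a file that appeared
# after the checks above. The certificate still gets the caller's umask.
( umask 077 && set -C && : > "$KEYFILE" ) || exit 2

if ! "$OPENSSL" req -new -x509 -nodes -config "$OPENSSLCONFIG" \
    -out "$CERTFILE" -keyout "$KEYFILE" -days "$VALID_DAYS"; then
  # Remove the key file created above so a failed run does not block the
  # next one with "already exists".
  rm -f -- "$KEYFILE"
  exit 2
fi

# Kept as a second line of defence; the file was already created with an
# owner-only mode.
chmod 0600 "$KEYFILE" || exit 2

echo
# Print subject and fingerprint so the operator can record what was issued
# and compare it with what mail clients display.
"$OPENSSL" x509 -subject -fingerprint -noout -in "$CERTFILE" || exit 2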
dovecot-openssl.cnf:
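#
# SSLeay configuration file for Dovecot.
#
# @commonName@ and @emailAddress@ are placeholders: replace them before
# running mkcert.sh (commonName = the host name mail clients connect to).

RANDFILE = /dev/urandom

[ req ]
default_bits = 2048
# Only used when no -keyout option is given; mkcert.sh passes -keyout.
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
# Take the subject from this file instead of asking interactively.
prompt = no
policy = policy_anything
req_extensions = v3_req
x509_extensions = v3_req

[ req_distinguished_name ]
organizationName = Dovecot mail server
organizationalUnitName = @commonName@
commonName = @commonName@
emailAddress = @emailAddress@

[ v3_req ]
# End-entity certificate: it must not be usable to sign other certificates.
basicConstraints = CA:FALSE
# No subjectAltName is set here. Clients that match the host name against
# subjectAltName only will not accept this certificate by its commonName;
# add "subjectAltName = DNS:<mail host name>" if clients verify the name.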