From 24edd5ce916878484416009abf90a07fb24d02ab Mon Sep 17 00:00:00 2001
From: Joshua Tauberer
Date: Tue, 3 Jun 2014 21:17:10 +0000
Subject: [PATCH] the SSL CSR must be generated with a country code
---
 setup/mail.sh | 10 ++++++++--
 setup/start.sh | 10 ++++++++++
 2 files changed, 18 insertions(+), 2 deletions(-)
diff --git a/setup/mail.sh b/setup/mail.sh
index 836375cd..8b3a7bbc 100755
--- a/setup/mail.sh
+++ b/setup/mail.sh
@@ -218,12 +218,18 @@ tools/editconf.py /etc/dovecot/conf.d/10-ssl.conf \
 # SSL CERTIFICATE
-# Create a self-signed certifiate.
 mkdir -p $STORAGE_ROOT/ssl
 if [ ! -f $STORAGE_ROOT/ssl/ssl_certificate.pem ]; then
+ # Generate a new private key if one doesn't already exist.
 openssl genrsa -out $STORAGE_ROOT/ssl/ssl_private_key.pem 2048
+fi
+if [ ! -f $STORAGE_ROOT/ssl/ssl_cert_sign_req.csr ]; then
+ # Generate a certificate signing request if one doesn't already exist.
 openssl req -new -key $STORAGE_ROOT/ssl/ssl_private_key.pem -out $STORAGE_ROOT/ssl/ssl_cert_sign_req.csr \
- -subj "/C=/ST=/L=/O=/CN=$PUBLIC_HOSTNAME"
+ -subj "/C=$CSR_COUNTRY/ST=/L=/O=/CN=$PUBLIC_HOSTNAME"
+fi
+if [ ! -f $STORAGE_ROOT/ssl/ssl_certificate.pem ]; then
+ # Generate a SSL certificate by self-signing if a SSL certificate doesn't yet exist.
 openssl x509 -req -days 365 \
 -in $STORAGE_ROOT/ssl/ssl_cert_sign_req.csr -signkey $STORAGE_ROOT/ssl/ssl_private_key.pem -out $STORAGE_ROOT/ssl/ssl_certificate.pem
 fi
diff --git a/setup/start.sh b/setup/start.sh
index a6e3e384..e86ea890 100755
--- a/setup/start.sh
+++ b/setup/start.sh
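Review bot: The new `-subj "/C=$CSR_COUNTRY/ST=/L=/O=/CN=$PUBLIC_HOSTNAME"` still yields the empty `/C=/` subject this commit sets out to remove whenever CSR_COUNTRY is unset or empty, which is the state of any /etc/mailinabox.conf written before this change, and nothing in the hunk checks the variable before `openssl req` runs. Add `: "${CSR_COUNTRY:?CSR_COUNTRY must be set to a two-letter country code}"` immediately before the `openssl req` line so the script stops with a clear message instead of silently writing a CSR that the rest of the change considers invalid. Note also that the new `if [ ! -f $STORAGE_ROOT/ssl/ssl_cert_sign_req.csr ]` guard keeps an existing country-less CSR from an earlier run untouched; if existing installs are meant to be repaired, the guard needs to detect the old subject as well, otherwise the comment should state that only fresh installs get the country code.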
@@ -35,6 +35,15 @@ if [ -z "$PUBLIC_IP" ]; then
 read -e -i "`hostname -i`" -p "Public IP: " PUBLIC_IP
 fi
+if [ -z "$CSR_COUNTRY" ]; then
+ echo
+ echo "Enter the two-letter, uppercase country code for where you"
+ echo "live or where your organization is based. (This is used to"
+ echo "create an SSL certificate.)"
+ echo
+ read -e -p "Country Code: " CSR_COUNTRY
+fi
+
 # Create the user named "user-data" and store all persistent user
 # data (mailboxes, etc.) in that user's home directory.
 if [ -z "$STORAGE_ROOT" ]; then
@@ -50,6 +59,7 @@ cat > /etc/mailinabox.conf << EOF;
 STORAGE_ROOT=$STORAGE_ROOT
 PUBLIC_HOSTNAME=$PUBLIC_HOSTNAME
 PUBLIC_IP=$PUBLIC_IP
+CSR_COUNTRY=$CSR_COUNTRY
 EOF
 # For docker, we don't want any of our scripts to start daemons.
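Review bot: `read -e -p "Country Code: " CSR_COUNTRY` accepts whatever is typed, including an empty string, lowercase or three-letter input, or characters such as `/` that break the X.509 subject string mail.sh builds from it, and the value is then written verbatim into /etc/mailinabox.conf by the second hunk of this file; the prompt asks for a two-letter uppercase code but nothing enforces it. Since `read -e` already makes this a bash-only script, validate in a loop with `[[ "$CSR_COUNTRY" =~ ^[A-Z]{2}$ ]]` and re-prompt on failure, and add `-r` so backslashes are not interpreted. The rewritten prompt block is below; the explanatory `echo` lines are unchanged.
```shell
if [ -z "$CSR_COUNTRY" ]; then
	# … unchanged: explanatory echo lines …
	while true; do
		read -e -r -p "Country Code: " CSR_COUNTRY
		if [[ "$CSR_COUNTRY" =~ ^[A-Z]{2}$ ]]; then break; fi
		echo "Please enter exactly two uppercase letters (ISO 3166-1 alpha-2 code)." >&2
	done
fi
```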