mirror of
https://github.com/mail-in-a-box/mailinabox.git
synced 2024-11-22 02:17:26 +00:00
Merge pull request #68 from mkropat/protect-key
Protect private key from being world-readable
This commit is contained in:
commit
ca34c1b1ae
@ -221,7 +221,8 @@ tools/editconf.py /etc/dovecot/conf.d/10-ssl.conf \
|
|||||||
mkdir -p $STORAGE_ROOT/ssl
|
mkdir -p $STORAGE_ROOT/ssl
|
||||||
if [ ! -f $STORAGE_ROOT/ssl/ssl_certificate.pem ]; then
|
if [ ! -f $STORAGE_ROOT/ssl/ssl_certificate.pem ]; then
|
||||||
# Generate a new private key if one doesn't already exist.
|
# Generate a new private key if one doesn't already exist.
|
||||||
openssl genrsa -out $STORAGE_ROOT/ssl/ssl_private_key.pem 2048
|
# Set the umask so the key file is not world-readable.
|
||||||
|
(umask 077; openssl genrsa -out $STORAGE_ROOT/ssl/ssl_private_key.pem 2048)
|
||||||
fi
|
fi
|
||||||
if [ ! -f $STORAGE_ROOT/ssl/ssl_cert_sign_req.csr ]; then
|
if [ ! -f $STORAGE_ROOT/ssl/ssl_cert_sign_req.csr ]; then
|
||||||
# Generate a certificate signing request if one doesn't already exist.
|
# Generate a certificate signing request if one doesn't already exist.
|
||||||
|
Loading…
Reference in New Issue
Block a user