If anybody is interested (probably nobody is), here is an improved and more rigorous version of mkcert.sh:
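#! /bin/sh
#*****************************************************************************#
#|
#| file : /root/apps/share/sh/create_dovecot_certificate
#|
#| Creates a self-signed X509 certificate and an unencrypted private key for
#| dovecot, named after the fully qualified host name, and refuses to
#| overwrite an existing certificate or key.
#|
#| Environment (all optional):
#|   DOVECOT_DIR   base directory            (default /var/lib/dovecot)
#|   OPENSSL       openssl executable        (default openssl)
#|   OPENSSL_CONF  openssl configuration     (default
#|                                            /etc/dovecot/dovecot-openssl.cnf)
#|
#| Exit status:
#|   0 success                     5 configuration file is empty
#|   1 openssl not found           6 certificate or key already exists
#|   2 directory cannot be created 7 openssl failed
#|   3 configuration file missing  8 host name could not be determined
#|   4 configuration is not a file
#|
#*---------------------------------------------------------------------------*#

DOVECOT_DIR="${DOVECOT_DIR-/var/lib/dovecot}"
OPENSSL="${OPENSSL-openssl}"
OPENSSL_CONF="${OPENSSL_CONF-/etc/dovecot/dovecot-openssl.cnf}"

#.............................................................................#

certificates_dir="${DOVECOT_DIR}/certificates"

#*---------------------------------------------------------------------------*#
# fail STATUS MESSAGE...
# Rings the bell, writes "%ERROR - MESSAGE" to stderr and exits with STATUS.
# printf is used instead of "/bin/echo -e" so that the output is the same in
# every shell and backslashes inside file names are printed literally.

fail ()
{
    fail_status="${1}"
    shift

    printf '\007%%ERROR - %s\n' "${*}" >&2
    exit "${fail_status}"
}

#*---------------------------------------------------------------------------*#
# check_directory DIRECTORY
# Creates DIRECTORY with mode 700 and group dovecot when it does not exist;
# exits with status 2 when it cannot be created.
# NOTE(review): a directory that already exists is accepted as it is, its
# owner and mode are not verified here.

check_directory ()
{
    directory="${1}"

    if [ ! -d "${directory}" ]
    then
        mkdir -m 700 "${directory}" 2> /dev/null ||
            fail 2 "directory ${directory} cannot be created!"

        # Mode 700 gives the group no access, so this only records ownership.
        chgrp dovecot "${directory}"
    fi

    return 0
}

#*---------------------------------------------------------------------------*#
# check_executable EXECUTABLE
# Exits with status 1 unless EXECUTABLE can be resolved by the shell.
# "command -v" is the POSIX replacement for the external "which", and the
# quoted argument is not subject to word splitting.

check_executable ()
{
    executable="${1}"

    command -v "${executable}" > /dev/null 2>&1 ||
        fail 1 "executable ${executable} could not be found!"

    return 0
}

#*---------------------------------------------------------------------------*#
# check_exists FILE DESCRIPTION
# Exits with status 6 when FILE already exists, so that an existing
# certificate or private key is never overwritten.  For the public
# certificate its dates, serial and subject are displayed before exiting.

check_exists ()
{
    file="${1}"
    description="${2}"

    if [ -e "${file}" ]
    then
        if [ "${description}" = "public certificate" ]
        then
            echo
        fi

        printf '\007%%ERROR - %s\n' \
            "${description} file ${file} already exists!" >&2

        if [ "${description}" = "public certificate" ]
        then
            # Show the file that was checked, not a global set elsewhere.
            show_certificate "${file}"
        fi

        exit 6
    fi

    return 0
}

#*---------------------------------------------------------------------------*#
# check_file FILE DESCRIPTION
# Exits with status 3, 4 or 5 when FILE is missing, is not a regular file or
# is empty, respectively.

check_file ()
{
    file="${1}"
    description="${2}"

    [ -e "${file}" ] ||
        fail 3 "${description} file ${file} does not exist!"

    [ -f "${file}" ] ||
        fail 4 "${description} ${file} is not a file!"

    [ -s "${file}" ] ||
        fail 5 "${description} file ${file} is empty!"

    return 0
}

#*---------------------------------------------------------------------------*#
# create_certificate CONFIGURATION DIRECTORY
# Writes DIRECTORY/<host>-dovecot.crt (mode 0444) and
# DIRECTORY/<host>-dovecot.pem (private key, mode 0400), where <host> is the
# lower-cased fully qualified host name with dots replaced by underscores.
# Exits with status 6 when either file exists, 7 when openssl fails and 8 when
# the host name is empty.

create_certificate ()
{
    configuration="${1}"
    directory="${2}"

    host="$(hostname -f | tr '[:upper:]' '[:lower:]' | tr '.' '_')"

    # Without a host name the files would be called "-dovecot.*".
    [ -n "${host}" ] ||
        fail 8 "host name could not be determined!"

    name="${host}-dovecot"

    certificate="${directory}/${name}.crt"
    check_exists "${certificate}" "public certificate"

    key="${directory}/${name}.pem"
    check_exists "${key}" "private key"

    printf '\nCreating new X509 certificate\nwith configuration %s\nfor %s ...\n\n' \
        "${configuration}" "${name}"

    # The key is written unencrypted (-nodes), so its file mode is its only
    # protection.  Restrict the umask before openssl creates the file;
    # otherwise the key is readable under the caller's umask until the chmod
    # below runs.
    # NOTE(review): key size and digest are not set here; they come from
    # ${configuration} or the openssl defaults, so review them there.
    previous_umask="$(umask)"
    umask 077

    ${OPENSSL} req -new -x509 -nodes -config "${configuration}" \
               -days 365 -out "${certificate}" -keyout "${key}"
    status=${?}

    umask "${previous_umask}"

    if [ "${status}" -ne 0 ]
    then
        fail 7 "${OPENSSL} failed with exit status ${status}!"
    fi

    chmod 0400 "${key}"
    chmod 0444 "${certificate}"

    return 0
}

#*---------------------------------------------------------------------------*#
# show_certificate CERTIFICATE
# Prints the validity dates, serial number and subject of CERTIFICATE, each
# preceded by an empty line.

show_certificate ()
{
    certificate="${1}"

    for field in -dates -serial -subject
    do
        echo
        ${OPENSSL} x509 -in "${certificate}" -noout "${field}"
    done
    echo

    return 0
}

#*---------------------------------------------------------------------------*#

check_executable "${OPENSSL}"
check_file "${OPENSSL_CONF}" "openssl configuration"
check_directory "${DOVECOT_DIR}"
check_directory "${certificates_dir}"
create_certificate "${OPENSSL_CONF}" "${certificates_dir}"

#.............................................................................#

exit 0

#*****************************************************************************#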