From 42675ba7ad78ef5273bbfda04cb589da1ea49cab Mon Sep 17 00:00:00 2001 From: j-marz Date: Mon, 29 Jul 2019 19:14:36 +1000 Subject: [PATCH] Fixed self-signed cert generation (#1183) Added optional FQDN arguement to setup.sh script which avoids using temporary container hostname for cert names. Also fixed issue with certs being saved outside config volume
---
 setup.sh | 4 ++--
 target/bin/generate-ssl-certificate | 25 +++++++++++++++++++------
 2 files changed, 21 insertions(+), 8 deletions(-)
diff --git a/setup.sh b/setup.sh
index af69b9a9..c5c64b74 100755
--- a/setup.sh
+++ b/setup.sh
@@ -70,7 +70,7 @@ SUBCOMMANDS:
 config:
 $0 config dkim (default: 2048)
- $0 config ssl
+ $0 config ssl
 relay:
@@ -217,7 +217,7 @@ case $1 in
 _docker_image generate-dkim-config $2
 ;;
 ssl)
- _docker_image generate-ssl-certificate
+ _docker_image generate-ssl-certificate "$2"
 ;;
 *)
 _usage
diff --git a/target/bin/generate-ssl-certificate b/target/bin/generate-ssl-certificate
index c53ab381..aaf00fcc 100755
--- a/target/bin/generate-ssl-certificate
+++ b/target/bin/generate-ssl-certificate
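Review bot: The new `ssl)` arm forwards `"$2"` into the container unchecked, and generate-ssl-certificate splices that value straight into file names (`"$ssl_cfg_path"/"$FQDN"-key.pem`), so a value containing `/` places the private key and certificate outside the ssl directory the commit is trying to keep them in. It is an operator-supplied CLI argument rather than untrusted input, but a guard before the call keeps the files where intended, e.g. `case "$2" in */*) _usage ;; esac` ahead of `_docker_image generate-ssl-certificate "$2"`; the same check applies to `$FQDN` in the generate-ssl-certificate hunk. The enclosing `case $1 in` statement begins and ends outside this hunk. In the usage hunk above, the removed and added `$0 config ssl` lines read identically here, which looks like the new `<fqdn>` placeholder was stripped in this rendering rather than omitted from the patch.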
@@ -1,13 +1,26 @@
-#!/bin/sh
+#!/bin/bash
-FQDN=$(hostname --fqdn)
+set -e
-cd /ssl
+# check if FQDN was passed as arguement in setup.sh
+if [ -z "$1" ]; then
+ FQDN="$(hostname --fqdn)"
+else
+ FQDN="$1"
+fi
+
+ssl_cfg_path="/tmp/docker-mailserver/ssl"
+
+if [ ! -d "$ssl_cfg_path" ]; then
+ mkdir "$ssl_cfg_path"
+fi
+
+cd "$ssl_cfg_path" || { echo "cd $ssl_cfg_path error"; exit; }
 # Create CA certificate
 /usr/lib/ssl/misc/CA.pl -newca
 # Create an unpassworded private key and create an unsigned public key certificate
-openssl req -new -nodes -keyout /ssl/$FQDN-key.pem -out /ssl/$FQDN-req.pem -days 3652
+openssl req -new -nodes -keyout "$ssl_cfg_path"/"$FQDN"-key.pem -out "$ssl_cfg_path"/"$FQDN"-req.pem -days 3652
 # Sign the public key certificate with CA certificate
-openssl ca -out /ssl/$FQDN-cert.pem -infiles /ssl/$FQDN-req.pem
+openssl ca -out "$ssl_cfg_path"/"$FQDN"-cert.pem -infiles "$ssl_cfg_path"/"$FQDN"-req.pem
 # Combine certificates for courier
-cat /ssl/$FQDN-key.pem /ssl/$FQDN-cert.pem > /ssl/$FQDN-combined.pem
+cat "$ssl_cfg_path"/"$FQDN"-key.pem "$ssl_cfg_path"/"$FQDN"-cert.pem > "$ssl_cfg_path"/"$FQDN"-combined.pem
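Review bot: The added guard `cd "$ssl_cfg_path" || { echo "cd $ssl_cfg_path error"; exit; }` exits with status 0 on failure, because a bare `exit` takes the status of the preceding `echo`, so setup.sh sees a successful run with no certificates produced, and the message goes to stdout rather than stderr; `cd "$ssl_cfg_path" || { echo "cd $ssl_cfg_path error" >&2; exit 1; }` fixes both. Just above it, `mkdir "$ssl_cfg_path"` fails under the new `set -e` when `/tmp/docker-mailserver` itself does not exist yet, aborting before any message; `mkdir -p "$ssl_cfg_path"` covers that case. The `-nodes` key and the combined PEM are now written into the config volume with whatever mode the container's umask yields, so adding `chmod 600 "$ssl_cfg_path"/"$FQDN"-key.pem "$ssl_cfg_path"/"$FQDN"-combined.pem` after the final `cat` line bounds who can read the unencrypted private key. A short header comment stating that the script expects an optional FQDN argument, writes into `/tmp/docker-mailserver/ssl`, and runs the interactive `CA.pl -newca` would also help the next reader.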