dovecot ca name alteration

c1afe000 · Bob Mottram · ffb97e50 · c1afe000 · c1afe000
Commit c1afe000 authored 9 years ago by Bob Mottram
--- a/src/freedombone
+++ b/src/freedombone
@@ -5683,12 +5683,12 @@ function configure_imap_client_certs {
    echo '}' >> /etc/dovecot/conf.d/10-auth.conf
  fi
  # make a CA cert
-  if [ ! -f /etc/ssl/private/dovecot-ca.key ]; then
-      freedombone-addcert -h dovecot-ca --ca
+  if [ ! -f /etc/ssl/private/ca-$DEFAULT_DOMAIN_NAME.key ]; then
+      freedombone-addcert -h $DEFAULT_DOMAIN_NAME --ca
  fi
  # CA configuration
  echo '[ ca ]' > /etc/ssl/dovecot-ca.cnf
-  echo 'default_ca = dovecot-ca' >> /etc/ssl/dovecot-ca.cnf
+  echo "default_ca = dovecot-ca" >> /etc/ssl/dovecot-ca.cnf
  echo '' >> /etc/ssl/dovecot-ca.cnf
  echo '[ crl_ext ]' >> /etc/ssl/dovecot-ca.cnf
  echo 'authorityKeyIdentifier=keyid:always' >> /etc/ssl/dovecot-ca.cnf
@@ -5696,9 +5696,9 @@ function configure_imap_client_certs {
  echo '[ dovecot-ca ]' >> /etc/ssl/dovecot-ca.cnf
  echo 'new_certs_dir = .' >> /etc/ssl/dovecot-ca.cnf
  echo 'unique_subject = no' >> /etc/ssl/dovecot-ca.cnf
-  echo 'certificate = /etc/ssl/certs/dovecot-ca.crt' >> /etc/ssl/dovecot-ca.cnf
+  echo "certificate = /etc/ssl/certs/ca-$DEFAULT_DOMAIN_NAME.crt" >> /etc/ssl/dovecot-ca.cnf
  echo 'database = ssldb' >> /etc/ssl/dovecot-ca.cnf
-  echo 'private_key = /etc/ssl/private/dovecot-ca.key' >> /etc/ssl/dovecot-ca.cnf
+  echo "private_key = /etc/ssl/private/ca-$DEFAULT_DOMAIN_NAME.key" >> /etc/ssl/dovecot-ca.cnf
  echo 'serial = sslserial' >> /etc/ssl/dovecot-ca.cnf
  echo 'default_days = 3650' >> /etc/ssl/dovecot-ca.cnf
  echo 'default_md = sha256' >> /etc/ssl/dovecot-ca.cnf

--- a/src/freedombone-addcert
+++ b/src/freedombone-addcert
@@ -91,6 +91,7 @@ case $key in
    ;;
    --ca)
    EXTENSIONS="-extensions v3_ca"
+    ORGANISATION="Freedombone-CA"
    ;;
    --nodh)
    NODH="true"
@@ -112,13 +113,21 @@ if ! which openssl > /dev/null ;then
    exit 5689
 fi

-openssl req -x509 $EXTENSIONS -nodes -days 3650 -sha256 -subj "/O=$ORGANISATION/OU=$UNIT/C=$COUNTRY_CODE/ST=$AREA/L=$LOCATION/CN=$HOSTNAME" -newkey rsa:4096 -keyout /etc/ssl/private/$HOSTNAME.key -out /etc/ssl/certs/$HOSTNAME.crt
+CERTFILE=$HOSTNAME
+if [[ $EXTENSIONS != "" ]]; then
+	CERTFILE="ca-$HOSTNAME"
+fi
+
+openssl req -x509 $EXTENSIONS -nodes -days 3650 -sha256 \
+		-subj "/O=$ORGANISATION/OU=$UNIT/C=$COUNTRY_CODE/ST=$AREA/L=$LOCATION/CN=$HOSTNAME" \
+		-newkey rsa:4096 -keyout /etc/ssl/private/$CERTFILE.key \
+		-out /etc/ssl/certs/$HOSTNAME.crt
 if [ ! $NODH ]; then
-    openssl dhparam -check -text -5 1024 -out /etc/ssl/certs/$HOSTNAME.dhparam
+    openssl dhparam -check -text -5 1024 -out /etc/ssl/certs/$CERTFILE.dhparam
 fi
-chmod 400 /etc/ssl/private/$HOSTNAME.key
-chmod 640 /etc/ssl/certs/$HOSTNAME.crt
-chmod 640 /etc/ssl/certs/$HOSTNAME.dhparam
+chmod 400 /etc/ssl/private/$CERTFILE.key
+chmod 640 /etc/ssl/certs/$CERTFILE.crt
+chmod 640 /etc/ssl/certs/$CERTFILE.dhparam

 if [ -f /etc/init.d/nginx ]; then
  /etc/init.d/nginx reload
@@ -129,7 +138,7 @@ fi
 if [ ! -d /etc/ssl/mycerts ]; then
  mkdir /etc/ssl/mycerts
 fi
-cp /etc/ssl/certs/$HOSTNAME.crt /etc/ssl/mycerts
+cp /etc/ssl/certs/$CERTFILE.crt /etc/ssl/mycerts

 # Create a bundle of your certificates
 cat /etc/ssl/mycerts/*.crt > /etc/ssl/freedombone-bundle.crt