#!/bin/sh

# based on  doc/mkcert.sh

# Generates a self-signed certificate.
# Edit dovecot-openssl.cnf before running this.

OPENSSL=${OPENSSL-openssl}
SSLDIR=${SSLDIR-/etc/ssl/dovecot}
OPENSSLCONFIG=${OPENSSLCONFIG-/etc/dovecot/dovecot-openssl.cnf}

CERTDIR=$SSLDIR
KEYDIR=$SSLDIR

CERTFILE=$CERTDIR/server.pem
KEYFILE=$KEYDIR/server.key

if [ -e "$CERTFILE" ]; then
	echo "Keeiping existing $CERTFILE"
	exit 0
fi

if [ -e "$KEYFILE" ]; then
	echo "Keeiping existing $KEYFILE"
	exit 0
fi

$OPENSSL req -new -x509 -nodes -config $OPENSSLCONFIG -out $CERTFILE -keyout $KEYFILE -days 365 || exit 2
chmod 0600 $KEYFILE
echo 
$OPENSSL x509 -subject -fingerprint -noout -in $CERTFILE || exit 2