blob: de379a0ffc93258992dcc81f2895436ea9cbf7c6 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
|
#!/bin/sh
set -ue
PATH="/usr/bin:/bin"
export PATH
BASEDIR="$(dirname -- "$0")"
OU="InterIMAP test suite"
cd "$BASEDIR"
cadir="$(mktemp --tmpdir --directory)"
trap 'rm -rf -- "$cadir"' EXIT INT TERM
# generate CA (we intentionally throw away the private key and serial
# file to avoid reuse)
openssl genpkey -algorithm RSA -out "$cadir/ca.key"
openssl req -new -x509 -rand /dev/urandom -subj "/OU=$OU/CN=Fake Root CA" -key "$cadir/ca.key" -out ./ca.crt
SERIAL=1
new() {
local key="$1" cn="$2"
openssl req -new -rand /dev/urandom -key "$key" \
-subj "/OU=$OU/CN=$cn" ${3+-addext subjectAltName="$3"} \
-out "$cadir/new.csr"
cat >"$cadir/new-ext.cnf" <<-EOF
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = critical, serverAuth
EOF
if [ -n "${3+x}" ]; then
printf "subjectAltName = %s\\n" "$3" >>"$cadir/new-ext.cnf"
fi
openssl x509 -req -in "$cadir/new.csr" -CA ./ca.crt -CAkey "$cadir/ca.key" \
-CAserial "$cadir/ca.srl" -CAcreateserial -extfile "$cadir/new-ext.cnf"
}
openssl genpkey -algorithm RSA -out ./dovecot.rsa.key
new ./dovecot.rsa.key "localhost" "DNS:localhost,DNS:ip6-localhost,IP:127.0.0.1,IP:::1" >./dovecot.rsa.crt
openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 -pkeyopt ec_param_enc:named_curve -out ./dovecot.ecdsa.key
new ./dovecot.ecdsa.key "localhost" >./dovecot.ecdsa.crt
openssl genpkey -algorithm RSA -out ./dovecot.rsa2.key
new ./dovecot.rsa2.key "imap.example.net" "DNS:imap.example.net,DNS:localhost" >./dovecot.rsa2.crt
|
