added postfix certificate distribution

ssl/mkcerts

@@ -3,6 +3,7 @@ export OPENSSL_CONF=./etc/kopano-ca.conf
 export CA_PWD=kopano
 export CA_SUBJ="/DC=de/DC=dts/O=Digital Trust Solutions/OU=Information Security Unit/CN=DTS Signing CA/"
 # create ssl certificates for docker network
+rm certs/*
 rm tmp/*.csr
 rm db/*.pem
 rm db/*.db
@@ -12,8 +13,9 @@ touch db/kopano-ca.db.attr
 echo 01 >db/kopano-ca.crt.srl
 echo 01 >db/kopano-ca.crl.srl
 # create signing ca (minimal pki)
+# inject distinguished_name (subj) and req_extensions (-reqexts) because -section req_ca is not yet available (section default: req)
 openssl req -new -reqexts ca_reqext -subj "$CA_SUBJ" -out tmp/kopano-ca.csr -passout pass:$CA_PWD -keyout certs/kopano-ca.key
-openssl ca -batch -selfsign -in tmp/kopano-ca.csr -passin env:CA_PWD -out certs/kopano-ca.crt -extensions signing_ca_ext
+openssl ca -batch -selfsign -in tmp/kopano-ca.csr -passin env:CA_PWD -notext -out certs/kopano-ca.crt -extensions signing_ca_ext
 
 # create kopano server ssl key (for encryption)
 ./create-key server
@@ -25,3 +27,13 @@ openssl ca -batch -selfsign -in tmp/kopano-ca.csr -passin env:CA_PWD -out certs/
 ./create-key search
 ./create-key webapp
 ./create-key z-push
+
+# create postfix clients ssl key pair (for authentification)
+echo >certs/relay_clientcerts
+./create-postfix-certs relay
+./create-postfix-certs zntrl
+./create-postfix-certs baloghs
+
+cp certs/relay_clientcerts ~/kopano-docker/etc-relay/postfix
+cp certs/relay_clientcerts ~/kopano-docker/etc-zntrl/postfix
+cp certs/relay_clientcerts ~/kopano-docker/etc-baloghs/postfix