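#!/usr/bin/bash
#
# Rebuild the minimal PKI for the kopano docker network: wipe the previous CA
# state, create a self-signed signing CA, then issue the server, client and
# postfix certificates through the helper scripts.
#
# Every path is relative, so run this from the directory that contains etc/,
# db/, tmp/, certs/ and the ./create-key and ./create-postfix-certs helpers.
#
# Environment:
#   CA_PWD  passphrase protecting the CA private key (default: kopano)

# Stop at the first failing step so later steps never run against a missing
# or half-built CA.
set -euo pipefail

export OPENSSL_CONF=./etc/kopano-ca.conf

# The built-in default is a well-known, guessable passphrase and is only
# suitable for a throwaway test CA; set CA_PWD in the environment for anything
# else. NOTE(review): the helper scripts presumably read CA_PWD from the
# environment as well -- confirm before overriding the default.
export CA_PWD="${CA_PWD:-kopano}"
export CA_SUBJ="/DC=de/DC=dts/O=Digital Trust Solutions/OU=Information Security Unit/CN=DTS Signing CA/"

# Refuse to delete anything unless we are in the PKI directory: the globs
# below are relative and would otherwise hit whatever certs/, tmp/ and db/
# directories exist under the current working directory.
if [[ ! -f "$OPENSSL_CONF" ]]; then
  printf 'error: %s not found; run this script from the PKI directory\n' \
    "$OPENSSL_CONF" >&2
  exit 1
fi

# create ssl certificates for docker network
# -f: a first run has nothing to delete yet, which must not abort the script.
rm -f -- certs/* tmp/*.csr db/*.pem db/*.db db/*.srl

# Fresh CA database plus the initial certificate and CRL serial numbers.
touch db/kopano-ca.db
touch db/kopano-ca.db.attr
printf '01\n' >db/kopano-ca.crt.srl
printf '01\n' >db/kopano-ca.crl.srl

# create signing ca (minimal pki)
# inject distinguished_name (subj) and req_extensions (-reqexts) because -section req_ca is not yet available (section default: req)
# The passphrase is handed over as env:CA_PWD, matching the "openssl ca" call
# below; pass:... would put it on the command line, where it shows up in the
# process list.
# NOTE(review): confirm certs/kopano-ca.key ends up readable by its owner only.
openssl req -new -reqexts ca_reqext -subj "$CA_SUBJ" \
  -out tmp/kopano-ca.csr -passout env:CA_PWD -keyout certs/kopano-ca.key
openssl ca -batch -selfsign -in tmp/kopano-ca.csr -passin env:CA_PWD \
  -notext -out certs/kopano-ca.crt -extensions signing_ca_ext

# create kopano server ssl key (for encryption)
./create-key server

# create kopano clients ssl key pair (for authentication)
# private key for client, public key for server sslkeys
for client in dagent spooler search webapp z-push; do
  ./create-key "$client"
done

# create postfix clients ssl key pair (for authentication)
# Start from a file holding a single empty line.
# NOTE(review): create-postfix-certs presumably appends to this file -- confirm.
printf '\n' >certs/relay_clientcerts
for instance in relay zntrl baloghs; do
  ./create-postfix-certs "$instance"
done

# Distribute the list only after every instance has been processed, so each
# postfix configuration receives the same, complete file.
for instance in relay zntrl baloghs; do
  cp -- certs/relay_clientcerts ~/kopano-docker/"etc-${instance}"/postfix
done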