-   Linux - Server (
-   -   SSL certificate for package exim does not recognize local openssl (

snucky 06-19-2009 10:28 AM

SSL certificate for package exim does not recognize local openssl

I installed openSSL from source in /usr/local/ssl/ and now installed the debian exim4 related packages for my mail server. I tried to generate a certificate for the mailserver but it doesn't recognize my local installation of openSSL (since it's not shared libraries, I suppose?)


$ /usr/share/doc/exim4-base/examples/exim-gencert
/usr/share/doc/exim4-base/examples/exim-gencert: openssl is not installed, exiting

Can anybody tell me how to tell this shell script where openssl is located?

snucky 06-19-2009 10:28 AM

that's the shell script:


#!/bin/sh -e

if [ -n "$EX4DEBUG" ]; then
  echo "now debugging $0 $@"
  set -x


# This exim binary was built with GnuTLS which does not support dhparams
# from a file. See /usr/share/doc/exim4-base/README.Debian.gz

if ! which openssl > /dev/null ;then
        echo "$0: openssl is not installed, exiting" 1>&2
        exit 1

# valid for three years

if [ "$1" != "--force" ] && [ -f $CERT ] && [ -f $KEY ]; then
  echo "[*] $CERT and $KEY exists!"
  echo "    Use \"$0 --force\" to force generation!"
  exit 0

if [ "$1" = "--force" ]; then

SSLEAY="$(tempfile -m600 -pexi)"

cat > $SSLEAY <<EOM
[ req ]
default_bits = 1024
default_keyfile = exim.key
distinguished_name = req_distinguished_name
[ req_distinguished_name ]
countryName = Country Code (2 letters)
countryName_default = US
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
localityName = Locality Name (eg, city)
organizationName = Organization Name (eg, company; recommended)
organizationName_max = 64
organizationalUnitName = Organizational Unit Name (eg, section)
organizationalUnitName_max = 64
commonName = Server name (eg. ssl.domain.tld; required!!!)
commonName_max = 64
emailAddress = Email Address
emailAddress_max = 40

echo "[*] Creating a self signed SSL certificate for Exim!"
echo "    This may be sufficient to establish encrypted connections but for"
echo "    secure identification you need to buy a real certificate!"
echo "    "
echo "    Please enter the hostname of your MTA at the Common Name (CN) prompt!"
echo "    "

openssl req -config $SSLEAY -x509 -newkey rsa:1024 -keyout $KEY -out $CERT -days $DAYS -nodes
#see README.Debian.gz*# openssl dhparam -check -text -5 512 -out $DH
rm -f $SSLEAY

chown root:Debian-exim $KEY $CERT $DH
chmod 640 $KEY $CERT $DH

echo "[*] Done generating self signed certificates for exim!"
echo "    Refer to the documentation and example configuration files"
echo "    over at /usr/share/doc/exim4-base/ for an idea on how to enable TLS"
echo "    support in your mail transfer agent."

All times are GMT -5. The time now is 02:24 AM.