Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back > Forums > Linux Forums > Linux - Server
User Name
Linux - Server This forum is for the discussion of Linux Software used in a server related context.


  Search this Thread
Old 06-19-2009, 11:28 AM   #1
LQ Newbie
Registered: Jun 2009
Posts: 18

Rep: Reputation: 0
SSL certificate for package exim does not recognize local openssl


I installed openSSL from source in /usr/local/ssl/ and now installed the debian exim4 related packages for my mail server. I tried to generate a certificate for the mailserver but it doesn't recognize my local installation of openSSL (since it's not shared libraries, I suppose?)

$ /usr/share/doc/exim4-base/examples/exim-gencert
/usr/share/doc/exim4-base/examples/exim-gencert: openssl is not installed, exiting
Can anybody tell me how to tell this shell script where openssl is located?
Old 06-19-2009, 11:28 AM   #2
LQ Newbie
Registered: Jun 2009
Posts: 18

Original Poster
Rep: Reputation: 0
that's the shell script:

#!/bin/sh -e

if [ -n "$EX4DEBUG" ]; then
  echo "now debugging $0 $@"
  set -x


# This exim binary was built with GnuTLS which does not support dhparams
# from a file. See /usr/share/doc/exim4-base/README.Debian.gz

if ! which openssl > /dev/null ;then
	echo "$0: openssl is not installed, exiting" 1>&2
	exit 1

# valid for three years

if [ "$1" != "--force" ] && [ -f $CERT ] && [ -f $KEY ]; then
  echo "[*] $CERT and $KEY exists!"
  echo "    Use \"$0 --force\" to force generation!"
  exit 0

if [ "$1" = "--force" ]; then

SSLEAY="$(tempfile -m600 -pexi)"

cat > $SSLEAY <<EOM
[ req ]
default_bits = 1024
default_keyfile = exim.key
distinguished_name = req_distinguished_name
[ req_distinguished_name ]
countryName = Country Code (2 letters)
countryName_default = US
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
localityName = Locality Name (eg, city)
organizationName = Organization Name (eg, company; recommended)
organizationName_max = 64
organizationalUnitName = Organizational Unit Name (eg, section)
organizationalUnitName_max = 64
commonName = Server name (eg. ssl.domain.tld; required!!!)
commonName_max = 64
emailAddress = Email Address
emailAddress_max = 40

echo "[*] Creating a self signed SSL certificate for Exim!"
echo "    This may be sufficient to establish encrypted connections but for"
echo "    secure identification you need to buy a real certificate!"
echo "    "
echo "    Please enter the hostname of your MTA at the Common Name (CN) prompt!"
echo "    "

openssl req -config $SSLEAY -x509 -newkey rsa:1024 -keyout $KEY -out $CERT -days $DAYS -nodes
#see README.Debian.gz*# openssl dhparam -check -text -5 512 -out $DH
rm -f $SSLEAY

chown root:Debian-exim $KEY $CERT $DH
chmod 640 $KEY $CERT $DH

echo "[*] Done generating self signed certificates for exim!"
echo "    Refer to the documentation and example configuration files"
echo "    over at /usr/share/doc/exim4-base/ for an idea on how to enable TLS"
echo "    support in your mail transfer agent."


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
openssl ssl error code 14090086 verify the CA cert is ok / certificate verify failed acummings Slackware 14 02-27-2009 02:51 AM
Building a certificate chain from the certificate using openSSL aravinda78 Linux - Security 1 11-10-2008 02:51 AM
Can I retrieve certificate expiry date from an openssl certificate (command line) davee Linux - Security 1 07-21-2006 11:28 AM
exim is failed !!! error:package exim is not installed apache Linux - Software 0 06-24-2004 06:55 AM
Certificate with OpenSSL gr33ndata Linux - Security 3 10-03-2003 08:39 AM

All times are GMT -5. The time now is 05:41 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration