LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices

Reply
 
Search this Thread
Old 06-19-2009, 11:28 AM   #1
snucky
LQ Newbie
 
Registered: Jun 2009
Posts: 18

Rep: Reputation: 0
SSL certificate for package exim does not recognize local openssl


Hi,

I installed openSSL from source in /usr/local/ssl/ and now installed the debian exim4 related packages for my mail server. I tried to generate a certificate for the mailserver but it doesn't recognize my local installation of openSSL (since it's not shared libraries, I suppose?)

Code:
$ /usr/share/doc/exim4-base/examples/exim-gencert
/usr/share/doc/exim4-base/examples/exim-gencert: openssl is not installed, exiting
Can anybody tell me how to tell this shell script where openssl is located?
 
Old 06-19-2009, 11:28 AM   #2
snucky
LQ Newbie
 
Registered: Jun 2009
Posts: 18

Original Poster
Rep: Reputation: 0
that's the shell script:

Code:
#!/bin/sh -e

if [ -n "$EX4DEBUG" ]; then
  echo "now debugging $0 $@"
  set -x
fi

DIR=/etc/exim4
CERT=$DIR/exim.crt
KEY=$DIR/exim.key

# This exim binary was built with GnuTLS which does not support dhparams
# from a file. See /usr/share/doc/exim4-base/README.Debian.gz
#DH=$DIR/exim.dhparam

if ! which openssl > /dev/null ;then
	echo "$0: openssl is not installed, exiting" 1>&2
	exit 1
fi

# valid for three years
DAYS=1095

if [ "$1" != "--force" ] && [ -f $CERT ] && [ -f $KEY ]; then
  echo "[*] $CERT and $KEY exists!"
  echo "    Use \"$0 --force\" to force generation!"
  exit 0
fi

if [ "$1" = "--force" ]; then
  shift
fi     

#SSLEAY=/tmp/exim.ssleay.$$.cnf
SSLEAY="$(tempfile -m600 -pexi)"

cat > $SSLEAY <<EOM
RANDFILE = $HOME/.rnd
[ req ]
default_bits = 1024
default_keyfile = exim.key
distinguished_name = req_distinguished_name
[ req_distinguished_name ]
countryName = Country Code (2 letters)
countryName_default = US
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
localityName = Locality Name (eg, city)
organizationName = Organization Name (eg, company; recommended)
organizationName_max = 64
organizationalUnitName = Organizational Unit Name (eg, section)
organizationalUnitName_max = 64
commonName = Server name (eg. ssl.domain.tld; required!!!)
commonName_max = 64
emailAddress = Email Address
emailAddress_max = 40
EOM

echo "[*] Creating a self signed SSL certificate for Exim!"
echo "    This may be sufficient to establish encrypted connections but for"
echo "    secure identification you need to buy a real certificate!"
echo "    "
echo "    Please enter the hostname of your MTA at the Common Name (CN) prompt!"
echo "    "

openssl req -config $SSLEAY -x509 -newkey rsa:1024 -keyout $KEY -out $CERT -days $DAYS -nodes
#see README.Debian.gz*# openssl dhparam -check -text -5 512 -out $DH
rm -f $SSLEAY

chown root:Debian-exim $KEY $CERT $DH
chmod 640 $KEY $CERT $DH

echo "[*] Done generating self signed certificates for exim!"
echo "    Refer to the documentation and example configuration files"
echo "    over at /usr/share/doc/exim4-base/ for an idea on how to enable TLS"
echo "    support in your mail transfer agent."
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
openssl ssl error code 14090086 verify the CA cert is ok / certificate verify failed acummings Slackware 14 02-27-2009 02:51 AM
Building a certificate chain from the certificate using openSSL aravinda78 Linux - Security 1 11-10-2008 02:51 AM
Can I retrieve certificate expiry date from an openssl certificate (command line) davee Linux - Security 1 07-21-2006 11:28 AM
exim is failed !!! error:package exim is not installed apache Linux - Software 0 06-24-2004 06:55 AM
Certificate with OpenSSL gr33ndata Linux - Security 3 10-03-2003 08:39 AM


All times are GMT -5. The time now is 10:30 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration