#!/bin/bash
#
# Create a self-signed certificate.
# Taken in parts from a script by Andreas B. Mundt <andi@debian.org>.

set -e

TEMPLATE="/usr/share/ssl-cert/ssleay.cnf"
CONF=$(mktemp)
CERT="/etc/exim4/exim.crt"
KEY="/etc/exim4/exim.key"

if [ ! -f $CERT ] || [ ! -f $KEY ]; then
    sed -e s#@HostName@#"postoffice.intern"# $TEMPLATE > $CONF
    echo "subjectAltName=DNS:postoffice.intern,DNS:postoffice.intern" >> $CONF
    openssl req -config $CONF -new -x509 -days 7000 -nodes -out $CERT -keyout $KEY
    chmod 640 $KEY $CERT $CONF
    chown root:Debian-exim $KEY $CERT
else
    echo "$CERT and $KEY already exist, skipping!"
fi

rm $CONF
