#!/bin/bash
#
# Create a self-signed certificate for exim4 and switch on TLS.
#

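set -e

## Activate TLS for exim.
# ainsl is not defined in this script; presumably the FAI append-if-no-such-line
# helper, so the macro is only added when missing -- TODO confirm.
FILE=/etc/exim4/conf.d/main/000_localmacros
ainsl -a "$FILE" "MAIN_TLS_ENABLE = yes"

## Create certificate.
# CERT, KEY and CONF are used both with a ${target} prefix (direct file access
# below) and without it (arguments to commands run through $ROOTCMD).
CERT="/etc/exim4/exim.crt"
KEY="/etc/exim4/exim.key"
CONF="/etc/exim4/exim.cnf"
TEMPLATE="${target}/usr/share/ssl-cert/ssleay.cnf"
HostName="${HOSTNAME}.intern"

# Idempotence guard: never overwrite an existing key pair on a re-run.
if [ -f "${target}/${CERT}" ] && [ -f "${target}/${KEY}" ]; then
  echo "$CERT and $KEY exists, exiting!"
  exit 0
fi

# Build the openssl request config from the template. '#' is the sed delimiter,
# so HostName must not contain '#' or '&' (ordinary host names do not).
sed -e "s#@HostName@#${HostName}#" "$TEMPLATE" > "${target}/${CONF}"
# The SAN line is appended to the end of the file, i.e. it lands in whichever
# section the template ends with -- verify that this is the extensions section.
printf '%s\n' "subjectAltName=DNS:${HostName},DNS:mail.intern" >> "${target}/${CONF}"

# -nodes writes the private key unencrypted, so file permissions are its only
# protection. Generate it under a restrictive umask (scoped to this subshell)
# so the key is never readable by other users before the chmod/chown below;
# not every openssl build restricts the mode of -keyout on its own.
# -days 7000 gives a validity of roughly 19 years; no key size is passed here,
# so it comes from the template.
# $ROOTCMD is intentionally unquoted: it is set outside this script and may be
# empty or hold several words (presumably a chroot into ${target}).
(
  umask 077
  # shellcheck disable=SC2086
  $ROOTCMD openssl req -config "$CONF" -new -x509 -days 7000 -nodes \
    -out "$CERT" -keyout "$KEY"
)

# Final permissions: owner read/write, group read, nothing for others. Only
# the key and certificate are handed to the Debian-exim group; the request
# config keeps its existing ownership.
# shellcheck disable=SC2086
$ROOTCMD chmod 640 "$KEY" "$CERT" "$CONF"
# shellcheck disable=SC2086
$ROOTCMD chown root:Debian-exim "$KEY" "$CERT"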
