Commit ca34c1b1 authored by Joshua Tauberer's avatar Joshua Tauberer

Merge pull request #68 from mkropat/protect-key

Protect private key from being world-readable
parents 3fa8e384 42bf6240
......@@ -217,11 +217,12 @@ tools/editconf.py /etc/dovecot/conf.d/10-ssl.conf \
"ssl_key=<$STORAGE_ROOT/ssl/ssl_private_key.pem" \
# SSL CERTIFICATE
mkdir -p $STORAGE_ROOT/ssl
if [ ! -f $STORAGE_ROOT/ssl/ssl_certificate.pem ]; then
# Generate a new private key if one doesn't already exist.
openssl genrsa -out $STORAGE_ROOT/ssl/ssl_private_key.pem 2048
# Set the umask so the key file is not world-readable.
(umask 077; openssl genrsa -out $STORAGE_ROOT/ssl/ssl_private_key.pem 2048)
fi
if [ ! -f $STORAGE_ROOT/ssl/ssl_cert_sign_req.csr ]; then
# Generate a certificate signing request if one doesn't already exist.
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment