diff --git a/app.config b/app.config
index 67da907..975bb3c 100644
--- a/app.config
+++ b/app.config
@@ -1,109 +1,127 @@
 [ %% SASL config
 {sasl, [ {sasl_error_logger, {file, "log/sasl-error.log"}}, {errlog_type, error}, {error_logger_mf_dir, "log/sasl"}, % Log directory
 {error_logger_mf_maxbytes, 10485760}, % 10 MB max file size
 {error_logger_mf_maxfiles, 5} % 5 files max
 ]}, { kolab_guam, [ { imap_servers, [ { default, [ { host, "192.168.56.101" }, { port, 143 }, { tls, no } ] }, { kolabsys, [ { host, "imap.kolabsys.com" }, { port, 143 }, { tls, starttls } ] }, { kolabnow, [ { host, "imap.kolabnow.com" }, { port, 993 }, { tls, true } ] }, { localhost, [ { host, "127.0.0.1" }, { port, 993 }, { tls, true } ] } ] }, { listeners, [ { default, [ { port, 1143 }, { imap_server, default }, { rules, [ { filter_groupware, [] } ] }, { listener_pool_size, 10 }, { tls_config, [ { certfile, "/etc/ssl/sample.pem" } ] } ] }, { default_tls, [ { port, 1993 }, { imap_server, default }, { rules, [ { filter_groupware, [] } ] }, { implicit_tls, true }, { tls_config, [ { certfile, "/etc/ssl/sample.cert" }, { keyfile, "/etc/ssl/sample.key" } ] } ] }, { kolabsys, [ { port, 1994 }, { imap_server, kolabsys }, { rules, [ { filter_groupware, [] } ] }, { tls_config, [ { certfile, "/etc/ssl/sample.cert" }, { keyfile, "/etc/ssl/sample.key" } ] } ] }, { localhost, [ { port, 1995 }, { imap_server, localhost }, { rules, [ { filter_groupware, [] } ] } ] }, { kolabnow, [ { port, 1996 }, { imap_server, kolabnow },
- { implicit_tls, false },
+ { implicit_tls, false },
 { rules, [ { filter_groupware, [] }, { audit, [] } ] } ]
+ },
+ { kolabnow_tls, [
+ { port, 1997 },
+ { imap_server, kolabnow },
+ { implicit_tls, true },
+ { rules, [
+ { filter_groupware, [] },
+ { audit, [] }
+ ]
+ },
+ { tls_config, [
+ { certfile, "/home/mollekopf/src/guam/certs/localhost.cert" },
+ { keyfile, "/home/mollekopf/src/guam/certs/localhost.key" },
+ { cacertfile, "/home/mollekopf/src/guam/certs/ca.cert" },
+ { dhfile, "/home/mollekopf/src/guam/certs/dhparam4096.pem" },
+ { verify, verify_none }
+ ] }
+ ] } ] } ] }, {
lager, [ { handlers, [ { lager_console_backend, debug }, { lager_file_backend, [ { file, "log/error.log"}, { level, error } ] }, { lager_file_backend, [ { file, "log/console.log"}, { level, debug } ] } ] } ] } ]. %%{lager_syslog_backend, ["guam", mail, info]},
diff --git a/generatecerts.sh b/generatecerts.sh
new file mode 100755
index 0000000..3ce8e4b
--- /dev/null
+++ b/generatecerts.sh
@@ -0,0 +1,61 @@
+#!/bin/bash
+# Generates test certificates for localhost so tls can be tested
+
+base_dir=$(dirname $(dirname $0))
+
+cert_dir="${base_dir}/certs/"
+
+if [ ! -d "${cert_dir}" ]; then
+ mkdir -p ${cert_dir}
+fi
+
+if [ ! -f "${cert_dir}/ca.key" ]; then
+ openssl genrsa -out ${cert_dir}/ca.key 4096
+
+ openssl req \
+ -new \
+ -x509 \
+ -nodes \
+ -days 3650 \
+ -key ${cert_dir}/ca.key \
+ -out ${cert_dir}/ca.cert \
+ -subj '/O=Example CA/'
+fi
+
+if [ -f /etc/pki/tls/openssl.cnf ]; then
+ openssl_cnf="/etc/pki/tls/openssl.cnf"
+elif [ -f /etc/ssl/openssl.cnf ]; then
+ openssl_cnf="/etc/ssl/openssl.cnf"
+else
+ echo "No openssl.cnf"
+ exit 1
+fi
+
+for name in localhost; do
+ openssl genrsa -out ${cert_dir}/${name}.key 4096
+
+ openssl req \
+ -new \
+ -key ${cert_dir}/${name}.key \
+ -out ${cert_dir}/${name}.csr \
+ -subj "/O=Example CA/CN=${name}/" \
+ -reqexts SAN \
+ -config <(cat ${openssl_cnf} \
+ <(printf "[SAN]\nsubjectAltName=DNS:${name}"))
+
+ openssl x509 \
+ -req \
+ -in ${cert_dir}/${name}.csr \
+ -CA ${cert_dir}/ca.cert \
+ -CAkey ${cert_dir}/ca.key \
+ -CAcreateserial \
+ -out ${cert_dir}/${name}.cert \
+ -days 28 \
+ -extfile <(cat ${openssl_cnf} \
+ <(printf "[SAN]\nsubjectAltName=DNS:${name}")) \
+ -extensions SAN
+done
+
+openssl dhparam -out ${cert_dir}/dhparam4096.pem
+
+chmod 644 ${cert_dir}/*.{cert,key,pem}
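Review bot: The new `kolabnow_tls` listener's `tls_config` hard-codes absolute paths under `/home/mollekopf/src/guam/certs/`, while every other listener in this file uses the `/etc/ssl/sample.*` placeholders; a developer-specific home directory committed into the sample config will not resolve on any other machine and is exactly the kind of value that gets copied into a deployment unchanged. Keep the sibling convention, either the `/etc/ssl/sample.cert` / `/etc/ssl/sample.key` placeholders used by `default_tls` or a path relative to the release directory such as `{ certfile, "certs/localhost.cert" }` (constructed example) that matches where `generatecerts.sh` writes its output. Separately, `{ verify, verify_none }` next to a `cacertfile` entry is contradictory: if this listener is not meant to require client certificates the `cacertfile` is dead configuration, and if it is, `verify_peer` is what would enforce it — I cannot see from this hunk how guam maps `tls_config` onto the Erlang `ssl` options, so please confirm and record the intent with a comment such as `% verify_none: clients are not asked for a certificate; cacertfile is then unused`. The `- { implicit_tls, false }` / `+ { implicit_tls, false }` pair looks like a whitespace-only change and needs no action.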
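Review bot: `openssl dhparam -out ${cert_dir}/dhparam4096.pem` near the end of the script omits the numbits argument, so the file named `dhparam4096.pem` actually contains OpenSSL's default-size parameters (2048 bits on current releases, smaller on older ones) rather than the 4096-bit group the name and the `dhfile` entry in `app.config` promise; the line should be `openssl dhparam -out "${cert_dir}/dhparam4096.pem" 4096`. The closing `chmod 644 ${cert_dir}/*.{cert,key,pem}` also makes the private keys `ca.key` and `localhost.key` world-readable; split it into `chmod 600 "${cert_dir}"/*.key` and `chmod 644 "${cert_dir}"/*.{cert,pem}`. There is no `set -e`, so a failed `genrsa` or `req` is followed silently by the `x509` signing step and the `chmod`, and every `${cert_dir}` and `${openssl_cnf}` expansion outside the `[ ... ]` tests is unquoted, which breaks on paths containing whitespace — add `set -euo pipefail` after the shebang and quote the expansions. `base_dir=$(dirname $(dirname $0))` yields the repository's parent when the script is invoked by absolute path but `.` when run as `./generatecerts.sh`, so where `certs/` lands depends on how the script is called; if the repository root is the intent, `base_dir=$(dirname "$(readlink -f "$0")")` pins it to the script's own directory.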