#!/bin/sh
OPENSSL=/usr/bin/openssl
printf "____________________________________________________________\n";
printf "This script generates the self-certificate/key for use by SSL\n";
printf "in Jabberd. The key will be valid for 10 years (3650 days).\n";
printf "Simply answer the questions asked, being sure to use the\n";
printf "same password each time it is asked.\n\n";
printf "NOTE: Be sure to enter the fully-qualified domain name\n";
printf " (FQDN) of your Jabber server as the \"Common Name\"\n";
printf " (for example \"jabber.myserver.net\").\n\n";
printf "If you want to change any of the settings, you'll need to\n";
printf "either modify this script, or execute the commands herein\n";
printf "by hand and make adjustments as needed.\n\n"
printf "For further documentation, see the Admin Guide:\n"
printf "http://jabberd.jabberstudio.org/1.4/doc/adminguide\n"
printf "____________________________________________________________\n\n";
printf "Press [Enter] when ready";
read input
$OPENSSL req -new -x509 -newkey rsa:1024 -days 3650 -keyout privkey.pem -out key.pem
$OPENSSL rsa -in privkey.pem -out privkey.pem
cat privkey.pem >> key.pem
rm privkey.pem
chmod 600 key.pem
printf "\n____________________________________________________________\n\n";
printf "You should now find a file called key.pem in the current\n";
printf "directory. Be sure to configure your jabber.xml file properly,\n";
printf "setting the <ssl> section with the IP address of your Jabber\n";
printf "server and giving the path to this key.pem file.\n";
printf "Make sure jabberd's user has the rights to read the file but\n";
printf "also make sure nobody else can read the file.\n";
printf "____________________________________________________________\n\n";