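#!/bin/sh
#
# Generate a self-signed certificate plus private key for Jabberd SSL.
#
# Output:  key.pem in the current directory, holding the certificate
#          followed by the UNENCRYPTED private key. Treat it as a secret.
# Scratch: privkey.pem in the current directory (removed on exit).
#
# Hardening compared with a naive run of the same openssl commands:
#   * umask 077 so key material is never created group/world-readable
#     (a chmod after the fact leaves a window where the file is exposed).
#   * 2048-bit RSA and SHA-256 instead of 1024-bit RSA and the library's
#     default digest, which on old OpenSSL builds is a weak one.
#   * Stop on the first failing step instead of assembling a partial key.pem.
#   * Always remove the scratch private key, even on error or interrupt.

set -eu

OPENSSL=/usr/bin/openssl

# Every file created from here on is owner-only.
umask 077

if [ ! -x "$OPENSSL" ]; then
  printf 'openssl not found or not executable at %s\n' "$OPENSSL" >&2
  exit 1
fi

printf "____________________________________________________________\n"
printf "This script generates the self-certificate/key for use by SSL\n"
printf "in Jabberd. The key will be valid for 10 years (3650 days).\n"
printf "Simply answer the questions asked, being sure to use the\n"
printf "same password each time it is asked.\n\n"
printf "NOTE: Be sure to enter the fully-qualified domain name\n"
printf " (FQDN) of your Jabber server as the \"Common Name\"\n"
printf " (for example \"jabber.myserver.net\").\n\n"
printf "If you want to change any of the settings, you'll need to\n"
printf "either modify this script, or execute the commands herein\n"
printf "by hand and make adjustments as needed.\n\n"
printf "For further documentation, see the Admin Guide:\n"
printf "http://jabberd.jabberstudio.org/1.4/doc/adminguide\n"
printf "____________________________________________________________\n\n"
printf "Press [Enter] when ready"
read -r input

# A stale scratch file would keep its old (possibly loose) mode when
# openssl truncates it, so start from a clean slate under the new umask.
rm -f privkey.pem

# Make sure the scratch private key never outlives the script.
trap 'rm -f privkey.pem' EXIT
trap 'exit 1' HUP INT TERM

# Self-signed certificate and passphrase-protected key.
"$OPENSSL" req -new -x509 -newkey rsa:2048 -sha256 -days 3650 \
  -keyout privkey.pem -out key.pem

## This will remove the passphrase
# The server has to read the key unattended, so the passphrase is stripped;
# from here on file permissions are the only protection for the key.
"$OPENSSL" rsa -in privkey.pem -out privkey.pem

## Set permissions (just to be sure)
# Done BEFORE the private key is appended: a pre-existing key.pem keeps its
# old mode when overwritten, and the key must never sit in a readable file.
chmod 600 key.pem

## Put it all together
cat privkey.pem >> key.pem

## Cleanup
rm -f privkey.pem

printf "\n____________________________________________________________\n\n"
printf "You should now find a file called key.pem in the current\n"
printf "directory. Be sure to configure your jabber.xml file properly,\n"
printf "setting the section with the IP address of your Jabber\n"
printf "server and giving the path to this key.pem file.\n"
printf "Make sure jabberd's user has the rights to read the file but\n"
printf "also make sure nobody else can read the file.\n"
printf "____________________________________________________________\n\n"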