Current state
authorFrank Brehm <frank@brehm-online.com>
Tue, 31 Jan 2012 10:00:43 +0000 (11:00 +0100)
committerFrank Brehm <frank@brehm-online.com>
Tue, 31 Jan 2012 10:00:43 +0000 (11:00 +0100)
32 files changed:
.etckeeper
.gitignore
motd [deleted file]
runlevels/default/stunnel [new symlink]
ssl/CA-Brehm/apache2/mkcert [new file with mode: 0755]
ssl/CA-Brehm/apache2/myadmin-cert.cnf [new file with mode: 0644]
ssl/CA-Brehm/apache2/myadmin-cert.pem [new file with mode: 0644]
ssl/CA-Brehm/apache2/webmail-cert.cnf [new file with mode: 0644]
ssl/CA-Brehm/apache2/webmail-cert.pem [new file with mode: 0644]
ssl/CA-Brehm/cacert.pem [new file with mode: 0644]
ssl/CA-Brehm/courier-imap/imapd.cnf [new file with mode: 0644]
ssl/CA-Brehm/courier-imap/imapd.pem [new file with mode: 0644]
ssl/CA-Brehm/courier-imap/mkcert [new file with mode: 0755]
ssl/CA-Brehm/courier-imap/pop3d.cnf [new file with mode: 0644]
ssl/CA-Brehm/courier-imap/pop3d.pem [new file with mode: 0644]
ssl/CA-Brehm/postfix/mkcert [new file with mode: 0755]
ssl/CA-Brehm/postfix/postfix-cert.cnf [new file with mode: 0644]
ssl/CA-Brehm/postfix/postfix.pem [new file with mode: 0644]
ssl/CA-Brehm/private/ca.key.unsecure [new file with mode: 0644]
ssl/CA-Brehm/private/cakey.pem [new file with mode: 0644]
ssl/CA-Brehm/stunnel/mkcert [new file with mode: 0755]
ssl/CA-Brehm/stunnel/stunnel-cert.cnf [new file with mode: 0644]
ssl/CA-Brehm/stunnel/stunnel.rand [new file with mode: 0644]
ssl/CA-Brehm/uhu.txt [new file with mode: 0644]
ssl/openssl.cnf
ssl/openssl.cnf.default [new file with mode: 0644]
stunnel/old/stunnel.crt [new file with mode: 0644]
stunnel/old/stunnel.csr [new file with mode: 0644]
stunnel/old/stunnel.key [new file with mode: 0644]
stunnel/old/stunnel.pem [new file with mode: 0644]
stunnel/stunnel.conf
stunnel/stunnel.pem [new file with mode: 0644]

index ce40246e9c416acd05a432d644c560fa35f12b18..17a88c18b28f3bd7e429073d64bc6f4ef18d32bc 100755 (executable)
@@ -12,6 +12,9 @@ mkdir -p './security/namespace.d'
 mkdir -p './sensors.d'
 mkdir -p './skel/.ssh'
 mkdir -p './ssh/ca'
+mkdir -p './ssl/CA-Brehm/certs'
+mkdir -p './ssl/CA-Brehm/crl'
+mkdir -p './ssl/CA-Brehm/newcerts'
 mkdir -p './sudoers.d'
 mkdir -p './texmf/dvipdfm/config'
 mkdir -p './texmf/dvips.d'
@@ -1086,6 +1089,35 @@ maybe chmod 0600 './ssh/ssh_host_rsa_key'
 maybe chmod 0644 './ssh/ssh_host_rsa_key.pub'
 maybe chmod 0600 './ssh/sshd_config'
 maybe chmod 0755 './ssl'
+maybe chmod 0755 './ssl/CA-Brehm'
+maybe chmod 0755 './ssl/CA-Brehm/apache2'
+maybe chmod 0755 './ssl/CA-Brehm/apache2/mkcert'
+maybe chmod 0644 './ssl/CA-Brehm/apache2/myadmin-cert.cnf'
+maybe chmod 0600 './ssl/CA-Brehm/apache2/myadmin-cert.pem'
+maybe chmod 0644 './ssl/CA-Brehm/apache2/webmail-cert.cnf'
+maybe chmod 0600 './ssl/CA-Brehm/apache2/webmail-cert.pem'
+maybe chmod 0644 './ssl/CA-Brehm/cacert.pem'
+maybe chmod 0755 './ssl/CA-Brehm/certs'
+maybe chmod 0755 './ssl/CA-Brehm/courier-imap'
+maybe chmod 0644 './ssl/CA-Brehm/courier-imap/imapd.cnf'
+maybe chmod 0600 './ssl/CA-Brehm/courier-imap/imapd.pem'
+maybe chmod 0755 './ssl/CA-Brehm/courier-imap/mkcert'
+maybe chmod 0644 './ssl/CA-Brehm/courier-imap/pop3d.cnf'
+maybe chmod 0600 './ssl/CA-Brehm/courier-imap/pop3d.pem'
+maybe chmod 0755 './ssl/CA-Brehm/crl'
+maybe chmod 0755 './ssl/CA-Brehm/newcerts'
+maybe chmod 0755 './ssl/CA-Brehm/postfix'
+maybe chmod 0755 './ssl/CA-Brehm/postfix/mkcert'
+maybe chmod 0644 './ssl/CA-Brehm/postfix/postfix-cert.cnf'
+maybe chmod 0600 './ssl/CA-Brehm/postfix/postfix.pem'
+maybe chmod 0755 './ssl/CA-Brehm/private'
+maybe chmod 0644 './ssl/CA-Brehm/private/ca.key.unsecure'
+maybe chmod 0644 './ssl/CA-Brehm/private/cakey.pem'
+maybe chmod 0755 './ssl/CA-Brehm/stunnel'
+maybe chmod 0755 './ssl/CA-Brehm/stunnel/mkcert'
+maybe chmod 0644 './ssl/CA-Brehm/stunnel/stunnel-cert.cnf'
+maybe chmod 0644 './ssl/CA-Brehm/stunnel/stunnel.rand'
+maybe chmod 0644 './ssl/CA-Brehm/uhu.txt'
 maybe chmod 0755 './ssl/apache2'
 maybe chmod 0444 './ssl/apache2/server.crt'
 maybe chmod 0444 './ssl/apache2/server.csr'
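Review bot: The CA's private key material is recorded world-readable: `./ssl/CA-Brehm/private` is 0755 and both `ca.key.unsecure` and `cakey.pem` inside it are 0644, while the service key files in the same hunk get 0600 and the existing `./ssl/private` further down this file is 0700. These lines mirror the host's modes, so the fix is to tighten them on the host and let etckeeper record `maybe chmod 0700 './ssl/CA-Brehm/private'`, `maybe chmod 0600 './ssl/CA-Brehm/private/ca.key.unsecure'` and `maybe chmod 0600 './ssl/CA-Brehm/private/cakey.pem'`. The same concern applies to `maybe chmod 0644 './stunnel/stunnel.pem'` in the last hunk of this file if that pem bundles a private key as the other .pem files in this commit do; the `stunnel/old/` copies beside it are already 0640.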
@@ -1103,6 +1135,7 @@ maybe chmod 0755 './ssl/misc/c_issuer'
 maybe chmod 0755 './ssl/misc/c_name'
 maybe chmod 0755 './ssl/misc/tsget'
 maybe chmod 0644 './ssl/openssl.cnf'
+maybe chmod 0644 './ssl/openssl.cnf.default'
 maybe chmod 0755 './ssl/postfix'
 maybe chmod 0444 './ssl/postfix/server.crt'
 maybe chmod 0444 './ssl/postfix/server.csr'
@@ -1115,7 +1148,21 @@ maybe chmod 0400 './ssl/postfix/server.pem'
 maybe chmod 0700 './ssl/private'
 maybe chmod 0644 './ssl/private/.keep_dev-libs_openssl-0'
 maybe chmod 0755 './stunnel'
+maybe chmod 0755 './stunnel/old'
+maybe chown stunnel './stunnel/old/stunnel.crt'
+maybe chgrp stunnel './stunnel/old/stunnel.crt'
+maybe chmod 0640 './stunnel/old/stunnel.crt'
+maybe chown stunnel './stunnel/old/stunnel.csr'
+maybe chgrp stunnel './stunnel/old/stunnel.csr'
+maybe chmod 0640 './stunnel/old/stunnel.csr'
+maybe chown stunnel './stunnel/old/stunnel.key'
+maybe chgrp stunnel './stunnel/old/stunnel.key'
+maybe chmod 0640 './stunnel/old/stunnel.key'
+maybe chown stunnel './stunnel/old/stunnel.pem'
+maybe chgrp stunnel './stunnel/old/stunnel.pem'
+maybe chmod 0640 './stunnel/old/stunnel.pem'
 maybe chmod 0644 './stunnel/stunnel.conf'
+maybe chmod 0644 './stunnel/stunnel.pem'
 maybe chmod 0440 './sudoers'
 maybe chmod 0750 './sudoers.d'
 maybe chmod 0644 './sysctl.conf'
index fa8caf322450d77005bb8af1f28e2bbb2db0b443..6f3c373c44c06576df4729710c686be423d449ad 100644 (file)
@@ -6,6 +6,8 @@
 # old versions of files
 *.old
 
+motd
+
 # mount(8) records system state here, no need to store these
 blkid.tab
 blkid.tab.old
diff --git a/motd b/motd
deleted file mode 100644 (file)
index f97d454..0000000
--- a/motd
+++ /dev/null
@@ -1,15 +0,0 @@
-Linux uhu1 3.2.1-gentoo-r2 #1 SMP Mon Jan 30 16:49:14 CET 2012 x86_64 AMD Opteron 23xx (Gen 3 Class Opteron) AuthenticAMD GNU/Linux
-Gentoo Base System release 2.0.3
- _   _ _             _ 
-| | | | |__  _   _  / |
-| | | | '_ \| | | | | |
-| |_| | | | | |_| | | |
- \___/|_| |_|\__,_| |_|
-                       
-
-Manche Menschen tun nichts - aber sie tun es auf eine faszinierende
-Weise.
-               -- Curzio Malaparte (eigentlich: Kurt Erich Suckert)
-
-Today is Sweetmorn, the 31st day of Chaos in the YOLD 3178
-
diff --git a/runlevels/default/stunnel b/runlevels/default/stunnel
new file mode 120000 (symlink)
index 0000000..b1b3a25
--- /dev/null
@@ -0,0 +1 @@
+/etc/init.d/stunnel
\ No newline at end of file
diff --git a/ssl/CA-Brehm/apache2/mkcert b/ssl/CA-Brehm/apache2/mkcert
new file mode 100755 (executable)
index 0000000..45c08f3
--- /dev/null
@@ -0,0 +1,73 @@
+#! /bin/sh
+#
+# This is a short script to quickly generate a self-signed X.509 key for
+# Courier-IMAP/POP3 over SSL.
+
+test -x /usr/bin/openssl || exit 0
+
+CADir="/etc/ssl/CA-Brehm/apache2"
+prefix="/usr"
+randfile="$CADir/apache2.rand"
+days=1875
+do_install=0
+
+Instances="webmail myadmin"
+
+echo
+echo "Generating Random file '$randfile' ..."
+dd if=/dev/urandom of=$randfile count=1 2>/dev/null
+
+for i in $Instances ; do
+
+  pemfile="$CADir/$i-cert.pem"
+  conffile="$CADir/$i-cert.cnf"
+
+  if [ -f $pemfile ]; then
+    echo "$pemfile already exists."
+    continue
+  fi
+  do_install=1
+
+  if [ ! -f $conffile ] ; then
+    echo "$conffile does not exists!"
+    exit 2
+  fi
+
+  cp /dev/null $pemfile
+  chmod 600 $pemfile
+  chown root $pemfile
+
+  cleanup() {
+    echo
+    echo "Emergency Cleanup ..." >&2
+    rm -f $pemfile
+    rm -f $randfile
+    exit 10
+  }
+
+  echo "Generating Cert for IMAP ..."
+  /usr/bin/openssl req -new -x509 -days $days -nodes \
+          -config $conffile -out $pemfile -keyout $pemfile || cleanup
+  /usr/bin/openssl gendh -rand $randfile 512 >> $pemfile || cleanup
+  /usr/bin/openssl x509 -subject -dates -fingerprint -noout -in $pemfile || cleanup
+
+done
+
+if [ "$do_install" = "1" ] ; then
+
+  echo
+  echo "Installing Certificates ..."
+
+  for i in $Instances ; do
+
+    pemfile="$CADir/$i-cert.pem"
+    pemfile_orig="/etc/apache2/ssl/$i-cert.pem"
+
+    cp -pv $pemfile $pemfile_orig
+
+  done
+
+fi
+
+rm -f $randfile
+
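Review bot: The Diffie-Hellman parameters appended by `openssl gendh -rand $randfile 512 >> $pemfile || cleanup` are only 512 bits, well below what a TLS peer should accept and weaker than even the 1024-bit RSA key the .cnf files request; use at least `/usr/bin/openssl gendh -rand $randfile 2048 >> $pemfile || cleanup`. The same 512-bit call appears twice in courier-imap/mkcert and once in postfix/mkcert. The header comment and `echo "Generating Cert for IMAP ..."` are left over from the Courier script this was copied from; for this file they should describe the Apache2 instances, e.g. `echo "Generating Cert for $i ..."`. `prefix` is assigned but never used, and defining `cleanup()` inside the loop redefines it on every iteration — it belongs before the loop.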
diff --git a/ssl/CA-Brehm/apache2/myadmin-cert.cnf b/ssl/CA-Brehm/apache2/myadmin-cert.cnf
new file mode 100644 (file)
index 0000000..dabb192
--- /dev/null
@@ -0,0 +1,22 @@
+RANDFILE = /usr/share/webmail.rand
+
+[ req ]
+default_bits = 1024
+encrypt_key = yes
+distinguished_name = req_dn
+x509_extensions = cert_type
+prompt = no
+
+[ req_dn ]
+C=DE
+ST=Berlin
+L=Berlin
+O=Brehm
+OU=Frank Brehm SSL Key
+CN=myadmin.brehm-online.com
+emailAddress=frank@brehm-online.com
+
+
+[ cert_type ]
+nsCertType = server
+
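Review bot: `default_bits = 1024` requests a 1024-bit RSA key, which is too weak for new certificates; use `default_bits = 2048`. The same setting is in webmail-cert.cnf, courier-imap/imapd.cnf, courier-imap/pop3d.cnf, postfix/postfix-cert.cnf and stunnel/stunnel-cert.cnf. `encrypt_key = yes` has no effect because every mkcert script in this commit passes `-nodes`, and `RANDFILE = /usr/share/webmail.rand` names the webmail instance inside the myadmin config while the script supplies its own rand file; both lines are misleading and can be dropped.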
diff --git a/ssl/CA-Brehm/apache2/myadmin-cert.pem b/ssl/CA-Brehm/apache2/myadmin-cert.pem
new file mode 100644 (file)
index 0000000..cf5de34
--- /dev/null
@@ -0,0 +1,37 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQC0+qDrRPNPHnd/sD2Vp6ZRy87g0X22CpVMLZpjj2tEKPyf1N/t
+VoiHdOHSVLJZrmBf26A5MknUENgEFHqvjO3dPFV7x/VL9OzrrGKS5QBEoaDGheAp
+Qow/FKMYA93uFGiG4jcoC7gj+uA3zNeU+fUSHHbqEf9hm+cBtOKG7XVb5QIDAQAB
+AoGAJrrP/ylFTHQ/rILB2yoCjNSp1DDgzzlak+/ab1383ZxL28SJm1f+ZcacoQ9h
+D5Iiq8Dre/IIHKryH4Vmb/Uf3fFlLbfDcalIIZRKlLmJ43oahUI4aPRthaEN+t2X
+4PgL0uQ/4BeCs32ivGz+QWjgx2tuxIkIv7B+JYjyjJ/9QoECQQDd2QCnd70OcQVT
+0EYkWKOkRohjiuM4M+vtN7jiiWDmAsKGFaQwNnUCIMl1nGph00DBz2cyb9XvF0Cb
+hcrjC5fFAkEA0Nb/Absi8Clz9tdjOE+hWthUIkQhdtCJ8Hdm4JdUUvsGH+GyKJfh
+Fq3CyNzTsFBk8eoeEJ6zY7FKEZpmwJTVoQJBAIeC5kNlgLYxk29+6VmKS2stKmKj
+k+fgz1w3jVfTUr0tMmV1ErXgjdie7nBI+zKGOCgq6H6GkcdaDLzzHNtTWYECQQCS
+SKbjPYQhmcfC9ehoP08U5Uc5oWOXaEfXCqwjUZ0davxFRMCYsppWWmyAaj5V2Fp9
+IbLhjWi2wi7R2cdzyk1BAkB6cOePmPRIIggpl12rKor1Uw+PFWf94tQZRjOPAhWW
+H10M7NiPZSzh1UUDlhiNsV220TKzr+XN9idDCxq1ho58
+-----END RSA PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+MIIC4zCCAkygAwIBAgIJAN/wUh5zk64nMA0GCSqGSIb3DQEBBQUAMIGnMQswCQYD
+VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDjAMBgNV
+BAoTBUJyZWhtMRwwGgYDVQQLExNGcmFuayBCcmVobSBTU0wgS2V5MSEwHwYDVQQD
+ExhteWFkbWluLmJyZWhtLW9ubGluZS5jb20xJTAjBgkqhkiG9w0BCQEWFmZyYW5r
+QGJyZWhtLW9ubGluZS5jb20wHhcNMDYxMjA4MjIzNjU5WhcNMTIwMTI2MjIzNjU5
+WjCBpzELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVy
+bGluMQ4wDAYDVQQKEwVCcmVobTEcMBoGA1UECxMTRnJhbmsgQnJlaG0gU1NMIEtl
+eTEhMB8GA1UEAxMYbXlhZG1pbi5icmVobS1vbmxpbmUuY29tMSUwIwYJKoZIhvcN
+AQkBFhZmcmFua0BicmVobS1vbmxpbmUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GN
+ADCBiQKBgQC0+qDrRPNPHnd/sD2Vp6ZRy87g0X22CpVMLZpjj2tEKPyf1N/tVoiH
+dOHSVLJZrmBf26A5MknUENgEFHqvjO3dPFV7x/VL9OzrrGKS5QBEoaDGheApQow/
+FKMYA93uFGiG4jcoC7gj+uA3zNeU+fUSHHbqEf9hm+cBtOKG7XVb5QIDAQABoxUw
+EzARBglghkgBhvhCAQEEBAMCBkAwDQYJKoZIhvcNAQEFBQADgYEAA+PPUJ1IWo+i
+lZlDQAOfLscsjv37dJtrvZguPV9aNTSRv1RgJSFseMt/CYjrzxXD2GKhDk8wyE1D
+qTy87Os2WXqBKm+6L38hheZoUcIorPwTOmh5KZXwtbyxfmKXg3lXXGDm60E6Pkf7
+O2+jRSctKlQe36TIAZxUpfumY2pVQZA=
+-----END CERTIFICATE-----
+-----BEGIN DH PARAMETERS-----
+MEYCQQDYf1RIczbTmgovRnZ8SA/b9l4b+t0dPW3/CHEUJU93w20YQ3yap6xrWIQk
+wVzhsgf+zmajDFpfQU2JJKc35oA7AgEC
+-----END DH PARAMETERS-----
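Review bot: This file — together with webmail-cert.pem, courier-imap/imapd.pem, courier-imap/pop3d.pem, postfix/postfix.pem, private/cakey.pem, private/ca.key.unsecure and, judging by their names, stunnel/old/stunnel.key and stunnel/stunnel.pem — commits private key material into the etckeeper repository, and `ca.key.unsecure` appears to be the CA key without a passphrase. Once pushed, the keys live in history for anyone with read access to the repository, so they should be treated as disclosed and regenerated, and the files kept out of the tree. The same commit already shows the mechanism in `.gitignore` (`motd`); entries such as `ssl/CA-Brehm/private/`, `ssl/CA-Brehm/*/*.pem`, `stunnel/*.pem` and `stunnel/old/` belong there as well. `ssl/CA-Brehm/uhu.txt`, a single short token stored next to the CA directory, looks like a passphrase; if it unlocks `cakey.pem` it should not be stored alongside the key either.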
diff --git a/ssl/CA-Brehm/apache2/webmail-cert.cnf b/ssl/CA-Brehm/apache2/webmail-cert.cnf
new file mode 100644 (file)
index 0000000..d88f92f
--- /dev/null
@@ -0,0 +1,22 @@
+RANDFILE = /usr/share/webmail.rand
+
+[ req ]
+default_bits = 1024
+encrypt_key = yes
+distinguished_name = req_dn
+x509_extensions = cert_type
+prompt = no
+
+[ req_dn ]
+C=DE
+ST=Berlin
+L=Berlin
+O=Brehm
+OU=Brehm SSL Key
+CN=webmail.brehm-online.com
+emailAddress=frank@brehm-online.com
+
+
+[ cert_type ]
+nsCertType = server
+
diff --git a/ssl/CA-Brehm/apache2/webmail-cert.pem b/ssl/CA-Brehm/apache2/webmail-cert.pem
new file mode 100644 (file)
index 0000000..fd2de1c
--- /dev/null
@@ -0,0 +1,37 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+-----BEGIN DH PARAMETERS-----
+MEYCQQCZLOhh5tHEUjvRnBolCP22LO27aCcqwCfLPtGICExFfUi6dt1uxeTWh3Od
+Kr4x2UXbRAyuc7f0/akmlV2iXLNrAgEC
+-----END DH PARAMETERS-----
diff --git a/ssl/CA-Brehm/cacert.pem b/ssl/CA-Brehm/cacert.pem
new file mode 100644 (file)
index 0000000..2acae4b
--- /dev/null
@@ -0,0 +1,26 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/ssl/CA-Brehm/courier-imap/imapd.cnf b/ssl/CA-Brehm/courier-imap/imapd.cnf
new file mode 100644 (file)
index 0000000..3f67d55
--- /dev/null
@@ -0,0 +1,23 @@
+
+RANDFILE = /usr/share/imapd.rand
+
+[ req ]
+default_bits = 1024
+encrypt_key = yes
+distinguished_name = req_dn
+x509_extensions = cert_type
+prompt = no
+
+[ req_dn ]
+C=DE
+ST=Brehm
+L=Brehm
+O=Brehm
+OU=Courier Mail Server IMAP SSL key
+CN=mail.brehm-online.com
+emailAddress=postmaster@brehm-online.com
+
+
+[ cert_type ]
+nsCertType = server
+
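Review bot: `ST=Brehm` and `L=Brehm` put the organisation name into the state and locality fields; every other .cnf in this commit uses `ST=Berlin` and `L=Berlin`, so this looks like a copy-paste slip. The sibling pop3d.cnf already carries the Berlin values, and the CA's `openssl.cnf` in this commit sets `stateOrProvinceName_default = Berlin`.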
diff --git a/ssl/CA-Brehm/courier-imap/imapd.pem b/ssl/CA-Brehm/courier-imap/imapd.pem
new file mode 100644 (file)
index 0000000..076042e
--- /dev/null
@@ -0,0 +1,38 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+-----BEGIN DH PARAMETERS-----
+MEYCQQCd+yD50BV7puqCKcLdensocjp8erVRJ7A5DmjUOicA2Xij9QcHfq7bvN6S
+yg50QJ8JcJVV+dyKaEm1zRyRitLzAgEC
+-----END DH PARAMETERS-----
diff --git a/ssl/CA-Brehm/courier-imap/mkcert b/ssl/CA-Brehm/courier-imap/mkcert
new file mode 100755 (executable)
index 0000000..54edb90
--- /dev/null
@@ -0,0 +1,81 @@
+#! /bin/sh
+#
+# This is a short script to quickly generate a self-signed X.509 key for
+# Courier-IMAP/POP3 over SSL.
+
+test -x /usr/bin/openssl || exit 0
+
+CADir="/etc/ssl/CA-Brehm/courier-imap"
+prefix="/usr"
+randfile="$CADir/courier.rand"
+days=1875
+
+pemfile_imap="$CADir/imapd.pem"
+conffile_imap="$CADir/imapd.cnf"
+pemfile_orig_imap="/etc/courier-imap/imapd.pem"
+
+pemfile_pop3="$CADir/pop3d.pem"
+conffile_pop3="$CADir/pop3d.cnf"
+pemfile_orig_pop3="/etc/courier-imap/pop3d.pem"
+
+if [ -f $pemfile_imap ]; then
+  echo "$pemfile_imap already exists."
+  exit 1
+fi
+
+if [ -f $pemfile_pop3 ]; then
+  echo "$pemfile_pop3 already exists."
+  exit 1
+fi
+
+if [ ! -f $conffile_imap ] ; then
+  echo "$conffile_imap does not exists!"
+  exit 2
+fi
+
+if [ ! -f $conffile_pop3 ] ; then
+  echo "$conffile_pop3 does not exists!"
+  exit 2
+fi
+
+cp /dev/null $pemfile_imap
+chmod 600 $pemfile_imap
+chown root $pemfile_imap
+
+cp /dev/null $pemfile_pop3
+chmod 600 $pemfile_pop3
+chown root $pemfile_pop3
+
+cleanup() {
+  echo
+  echo "Emergency Cleanup ..." >&2
+  rm -f $pemfile_imap
+  rm -f $pemfile_pop3
+  rm -f $randfile
+  exit 10
+}
+
+echo
+echo "Generating Random file '$randfile' ..."
+dd if=/dev/urandom of=$randfile count=1 2>/dev/null
+
+echo
+echo "Generating Cert for IMAP ..."
+/usr/bin/openssl req -new -x509 -days $days -nodes \
+        -config $conffile_imap -out $pemfile_imap -keyout $pemfile_imap || cleanup
+/usr/bin/openssl gendh -rand $randfile 512 >> $pemfile_imap || cleanup
+/usr/bin/openssl x509 -subject -dates -fingerprint -noout -in $pemfile_imap || cleanup
+
+echo
+echo "Generating Cert for POP3 ..."
+/usr/bin/openssl req -new -x509 -days $days -nodes \
+        -config $conffile_imap -out $pemfile_pop3 -keyout $pemfile_pop3 || cleanup
+/usr/bin/openssl gendh -rand $randfile 512 >> $pemfile_pop3 || cleanup
+/usr/bin/openssl x509 -subject -dates -fingerprint -noout -in $pemfile_pop3 || cleanup
+
+echo
+echo "Installing Certificates ..."
+cp -pv $pemfile_imap $pemfile_orig_imap
+cp -pv $pemfile_pop3 $pemfile_orig_pop3
+rm -f $randfile
+
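Review bot: The POP3 certificate is generated from the IMAP config: the second `openssl req` call passes `-config $conffile_imap` although `$conffile_pop3` is defined and checked for existence a few lines earlier, so pop3d.cnf is never read and pop3d.pem would carry the IMAP subject. Change the line to `-config $conffile_pop3 -out $pemfile_pop3 -keyout $pemfile_pop3 || cleanup`. `cleanup` is only reached through `|| cleanup`, so an interrupt between `cp /dev/null` and the last `openssl` call leaves empty 0600 pem files behind that the next run refuses to overwrite; `trap cleanup INT TERM` after the function definition would cover that. `prefix` is assigned but unused.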
diff --git a/ssl/CA-Brehm/courier-imap/pop3d.cnf b/ssl/CA-Brehm/courier-imap/pop3d.cnf
new file mode 100644 (file)
index 0000000..75af52d
--- /dev/null
@@ -0,0 +1,23 @@
+
+RANDFILE = /usr/share/pop3d.rand
+
+[ req ]
+default_bits = 1024
+encrypt_key = yes
+distinguished_name = req_dn
+x509_extensions = cert_type
+prompt = no
+
+[ req_dn ]
+C=DE
+ST=Berlin
+L=Berlin
+O=Brehm
+OU=Courier Mail Server POP3 SSL key
+CN=mail.brehm-online.com
+emailAddress=postmaster@brehm-online.com
+
+
+[ cert_type ]
+nsCertType = server
+
diff --git a/ssl/CA-Brehm/courier-imap/pop3d.pem b/ssl/CA-Brehm/courier-imap/pop3d.pem
new file mode 100644 (file)
index 0000000..bf5575c
--- /dev/null
@@ -0,0 +1,38 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQDeQ2lyjAA32nPw9bGNQ6cJDbgpJVTPircwIjwthdDomVOn6uEZ
+s31kUeTHcV1UFYqKQbur7zeW0fl5AHV8fhTWIODuNGUduzgrkl/NMy753s3YJcro
+8A4T6JlXz9rHGS0P1rWt/ZJX3zty3gwNZdDLI4tw5ThPkRDGmxYe4tUCMQIDAQAB
+AoGBAIQYgIUpm7+WP64H99xDRvTkiH07yKoIgVNEJYvQqhZzefqkZ+BEgtOqsFOw
+lo0wuEPvSUCoTdt/M8uscCbrMCnviwxU/DRTEIdHdhpSKK0mJoLoZBM4Ds9/kWv2
+ObkM9injHM814alaeeb9Es8vCH0AlfgZ1UWy1jV840InA3GhAkEA84xxxGygCSix
+sYh/1lU6RKgIHlMhVG/2ecjS6TbhtRy4gIzBgobvRgO7Oq788FJ9W0Gl8BpXGJ9H
+E4LfJL4/XQJBAOmgYu+NljdEUSRONr0DZYN85ERB39iz2L9ZJucnqrhQz+UHZtfr
++9k5z5hcyVu+joBnme1/P0GCwWfJGPMeZOUCQQDCV6fQ3f02Ucq5p/qaxZehgZQ4
+3o0SG+XKeH4Uqz6gjzKLIcaoqZP1grS8tzYPb0OotlH7rokhlLfa0evOHiHhAkAo
+6ODqOczYGKpsxRVou7OG9tOx8CcWd0e5Gg9p4tROOjhtToJ/xN7xBuKHN5g67H9f
+lMSrheC5w//CAMDRsbzRAkBPZjC3hnI4k2+ThAe1S9NQVpoYbyUu5qzxr3iqNvxJ
+77xF+LcDPgVPCl6wwy+/oKl4SPSKLgWmRCVY1jzmLaVq
+-----END RSA PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+-----BEGIN DH PARAMETERS-----
+MEYCQQChYtoCiG16r+tbnSsmbpI+AMuNv4rmN/hkoTWvAMdmy3OcWIkBuhepTkZA
+yF1zxkBIH3wW6w40eqNW0W0j0uxzAgEC
+-----END DH PARAMETERS-----
diff --git a/ssl/CA-Brehm/postfix/mkcert b/ssl/CA-Brehm/postfix/mkcert
new file mode 100755 (executable)
index 0000000..d2c68c1
--- /dev/null
@@ -0,0 +1,44 @@
+#! /bin/sh
+#
+# This is a short script to quickly generate a self-signed X.509 key for
+# Postfix over SSL.  Normally this script would get called by an automatic
+# package installation routine.
+
+test -x /usr/bin/openssl || exit 0
+
+CADir="/etc/ssl/CA-Brehm/postfix"
+prefix="/usr"
+pemfile="$CADir/postfix.pem"
+randfile="$CADir/postfix.rand"
+conffile="$CADir/postfix-cert.cnf"
+pemfile_orig="/etc/postfix/postfix.pem"
+days=1875
+
+if [ -f $pemfile ]; then
+  echo "$pemfile already exists."
+  exit 1
+fi
+
+if [ ! -f $conffile ] ; then
+  echo "$conffile does not exists!"
+  exit 2
+fi
+
+cp /dev/null $pemfile
+chmod 600 $pemfile
+chown root $pemfile
+
+cleanup() {
+  rm -f $pemfile
+  rm -f $randfile
+  exit 1
+}
+
+dd if=/dev/urandom of=$randfile count=1 2>/dev/null
+/usr/bin/openssl req -new -x509 -days $days -nodes \
+        -config $conffile -out $pemfile -keyout $pemfile || cleanup
+/usr/bin/openssl gendh -rand $randfile 512 >> $pemfile || cleanup
+/usr/bin/openssl x509 -subject -dates -fingerprint -noout -in $pemfile || cleanup
+rm -f $randfile
+cp -pv $pemfile $pemfile_orig
+
diff --git a/ssl/CA-Brehm/postfix/postfix-cert.cnf b/ssl/CA-Brehm/postfix/postfix-cert.cnf
new file mode 100644 (file)
index 0000000..c0bf6c0
--- /dev/null
@@ -0,0 +1,23 @@
+
+RANDFILE = /usr/share/postfix.rand
+
+[ req ]
+default_bits = 1024
+encrypt_key = yes
+distinguished_name = req_dn
+x509_extensions = cert_type
+prompt = no
+
+[ req_dn ]
+C=DE
+ST=Berlin
+L=Berlin
+O=Berlin
+OU=Mail Server Postfix SSL key
+CN=mail.brehm-online.com
+emailAddress=postmaster@brehm-online.com
+
+
+[ cert_type ]
+nsCertType = server
+
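Review bot: `O=Berlin` sets the organisation to the city name; the other .cnf files in this commit use `O=Brehm`, and since `openssl.cnf` loosens `policy_match` to `organizationName = optional` in this same commit, the CA would no longer reject a request carrying the wrong value. Change it to `O=Brehm`.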
diff --git a/ssl/CA-Brehm/postfix/postfix.pem b/ssl/CA-Brehm/postfix/postfix.pem
new file mode 100644 (file)
index 0000000..bd1f5cf
--- /dev/null
@@ -0,0 +1,37 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQCVlGvxjXWhKDqEUkTPZO9/9b0js236ON9tt9aKDFVSrkRBtMwM
+xjkWHpc3jNT5aHtFTvalZHzr/Aa9+NTnJMKtiBTBrcyNnQUtOVQH8zbg8JrqJgj/
+MVS+gF4Aae43ofTk5juYCoh4QDXBAC//+AdhOe/FVs6jybn5G6ir/ekFBwIDAQAB
+AoGBAIwKGglbRA6uaCKsFyoIOMYXHo4HFebXSi8hl2VFaLhw2QyfJQ6sopOX7kEe
+w+IBNK/N3tM3wlD5cqJ3DXSeEPgR7laeOTC7F5cedC/ISHSvOXLVMYSnauo8H1Wi
+oZV7Vq2tKvWBCV5n20c7Q8QEtawEdQeR5Pm2xxMAlbL86+6ZAkEAxCXYH16+luHy
+LOUD5PycMu5rfbel8t5ZtKRRpD2K47/XzwSbOWG5Om6Z8mm49NeU8f6IZpiwfAyb
+H9atpa/6XQJBAMM45cHZZVjBl/2YfeF1MsFlGz3I7n7yfOHhzfkM3qPQBM0Ll8J5
+RcIADMUsGv4fcZU8/HBiwzf6WvoT17TdbrMCQBhMs+yW+TeKAE2NhaD9poAsx0ZI
+1Rc0cpqNbMvTD/zNDHhKEszWDXNutkWw0UgL2Rjttoo3Sk3j5efY2aRYG8UCQA0t
+ohTb4AOFzgTIbnbxumNjt9sL3U2kgNmerJDLVZwpRqmwxqXSGetmpXYJ7CiLZtd0
+LnZHtHXq6IlJHZ6P9BECQQCPnAVHvkVSnjjvDdFVsl8SCZAWHLgHhqd+tm3fhZ8W
+fFnqE/VQqXQhPgIvvHDvXoKpnMy6dEz2rMvJMzSBEs72
+-----END RSA PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
+-----BEGIN DH PARAMETERS-----
+MEYCQQDjc+Kujf6R+XMJT/3bPZhUBp/67Tano3opslrBIl0vQILYHhUB6yErvMFo
+eVYwt/wMP409NZOlIBvkwYemzXz7AgEC
+-----END DH PARAMETERS-----
diff --git a/ssl/CA-Brehm/private/ca.key.unsecure b/ssl/CA-Brehm/private/ca.key.unsecure
new file mode 100644 (file)
index 0000000..7581afd
--- /dev/null
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
diff --git a/ssl/CA-Brehm/private/cakey.pem b/ssl/CA-Brehm/private/cakey.pem
new file mode 100644 (file)
index 0000000..8726e72
--- /dev/null
@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,C9EB11CBB307A1DC
+
+9xwsypRNanPOrJDTAhnq291sYpHTmONc4nmigFl/fQUf4SINjBFnS/AzNXT7n9PY
+mN1W9dAhdj8Mn2dJIg7qhIFzmGkXrgJ2wAoM2j9nXCpHcLyeziaILCNHcQWE71yC
+8uy7bmSsVMLzuNKbuv2EPa0Jg0oEoxoUcvJ3uTV2frcTxo3dmDtKgAtTAaHCoXZR
+skhwVJAn9+qN5ZzJEV1iJPDsvUyx4+PkGL2H2SEpri5WLZoMvBAE7xYD2lQNjCvT
+kg0rHbK9xDs9dq0/BmpUWAX4Gt2e6LRXeaYIyGKhxa/k8nnebjgmOnEFUuNnf4dE
+PWv1ccyMVmdWzFVqZQeVw4ad9XS9zoX2OoxQTVzq3P+nGUMU5D4Bu4T/z3w7SQvG
+DfKldmBLDz/24HpyP5TzRZ3VEjqFos73gmnfbLaZGSWMCRSeDR5x5XnhB4ZfPAxK
+qzAgXLtdcqv/j6Y9ucjdjEBOmWFa3TLlvQGFIZdKhdKRDXPT8WqOLb1DO+o2tHXY
+bTGqvE6F2uL57tosAatFrn+XLYSpLS/vY9cOs+j2cSKfBe4a4qpAqWx9Tk4pR/nK
+VWxyHvLKbjSdFo3Fqq+O/4k1sMd6FpD4oh5WHD1U7/Seoe6HKgi5OkJpwywZxCJC
+rRRSPpwI2GKwOR1CzEZm/Z2RAQH2xbhOr95vaPXRGR4yCjQWLSxDdk6qCfPF60mE
+ZEtWaDvMSkoBEs+ZHlAgZ/rXtylYdq2AvSD6eMz8zPhKdc+zlMHwl7ZlY8zQbsXZ
+8ae4EqgUBczEODOfrYHfjAujDqkE6dqapcMeJlZCVHRXV1IvSItXBfvTN7XPOSAG
+7nZ3oR4xdUFiOLZtcQ7okXU95B9isv1Aaix1JSj707f8MlG81qXM5eFJ/Na8fLy/
+4QMhuYazOd9MB/rPHwilUng+Mc0Ih3XChgZxcfMaCqwu87pE7t9WlmjL4KU5nXBK
+OwwbaYq3IOuIwb+vYIlR1Dl3uALRTwmaeDbP9D7qPf+sLo3YpKbSaqtIoZOyM33l
+zRjZu4lsLIQwHc6HrJCio+VlvzuzXdVAxQ6EHMsuZQXHbHb+qWI/tF/QQchGRvO6
+G8lhAwhiVXOZZxr42rZRfeJvePX2ERl/buAOsOcKZMUz5wWFfB2pX5up1wQpr5ew
+XFz7l5LMMytiLSVzskMadZkSoA8Kta6C7eK72nRvg8A3TtL0tgu9a5BZPCngtjRj
+qeBbM6ry7idy9uDkLIeX+9t0m25HWNMnFG0xkFmZyw3RSaSDCHKITbnu5xDPh5BD
+qZpl9u7ihlrKMvzcy3HYkNuRsofvvE7yz2O9+/WhHjHKx1HEyGFln3OE0+5VMFOM
+/fDwxvz8SWso0a/uXnJsO6qssFvGcMTh9YMkUkktwUZW06gQhSVJfq9avnqsOqIJ
+BN9JLXVw71u8qqaGjao8fO9XI90X1b49SFYAfTvWHRy9BHNjj31/8rbN4/ZX9Ih/
+uSZ5bN0giKLQ+Gg12HziODsOeSkSVRY+MYeSyFR5X2vrw3ljU7focK3f2N3Uz8z0
+YtHicwrN7j9IgQze9+mrrVQSTast8eL6EK8tYlyw5Floby2NWH8D2/5kETXYaojX
+-----END RSA PRIVATE KEY-----
diff --git a/ssl/CA-Brehm/stunnel/mkcert b/ssl/CA-Brehm/stunnel/mkcert
new file mode 100755 (executable)
index 0000000..cd3ac76
--- /dev/null
@@ -0,0 +1,111 @@
+#!/bin/bash
+#
+# This is a short script to quickly generate a self-signed X.509 key for
+# Courier-IMAP/POP3 over SSL.
+
+set -e
+
+test -x /usr/bin/openssl || exit 0
+
+CADir="/etc/ssl/CA-Brehm/stunnel"
+prefix="/usr"
+randfile="$CADir/stunnel.rand"
+days=1875
+do_install=0
+
+if [ "${#BASH_ARGV[@]}" == "0" ]; then
+    echo "No instances to generate certificates given." >&2
+    exit 1
+fi
+
+echo
+echo "Generating Random file '$randfile' ..."
+dd if=/dev/urandom of=$randfile count=1 2>/dev/null
+
+clear_randfile() {
+    if [ -f "${randfile}" ] ; then
+        
+    fi
+}
+
+trap clear_randfile INT TERM EXIT
+
+for i in "${BASH_ARGV[@]}"; do
+    echo
+    echo " - '${i}'"
+    echo
+
+    target_dir="${CADir}/${i}"
+
+    if [ ! -d "${target_dir}" ] ; then
+        echo "   Creating directory ${target_dir} ..."
+        mkdir -p "${target_dir}" || exit 3
+    fi
+
+    pemfile="${target_dir}/${i}-cert.pem"
+    conffile="${target_dir}/${i}-cert.cnf"
+
+    if [ ! -f "${conffile}" ] ; then
+    fi
+
+done
+
+exit 0
+Instances="webmail myadmin"
+
+for i in $Instances ; do
+
+  pemfile="$CADir/$i-cert.pem"
+  conffile="$CADir/$i-cert.cnf"
+
+  if [ -f $pemfile ]; then
+    echo "$pemfile already exists."
+    continue
+  fi
+  do_install=1
+
+  if [ ! -f $conffile ] ; then
+    echo "$conffile does not exists!"
+    exit 2
+  fi
+
+  cp /dev/null $pemfile
+  chmod 600 $pemfile
+  chown root $pemfile
+
+  cleanup() {
+    echo
+    echo "Emergency Cleanup ..." >&2
+    rm -f $pemfile
+    rm -f $randfile
+    exit 10
+  }
+
+  echo "Generating Cert for IMAP ..."
+  /usr/bin/openssl req -new -x509 -days $days -nodes \
+          -config $conffile -out $pemfile -keyout $pemfile || cleanup
+  /usr/bin/openssl gendh -rand $randfile 512 >> $pemfile || cleanup
+  /usr/bin/openssl x509 -subject -dates -fingerprint -noout -in $pemfile || cleanup
+
+done
+
+if [ "$do_install" = "1" ] ; then
+
+  echo
+  echo "Installing Certificates ..."
+
+  for i in $Instances ; do
+
+    pemfile="$CADir/$i-cert.pem"
+    pemfile_orig="/etc/apache2/ssl/$i-cert.pem"
+
+    cp -pv $pemfile $pemfile_orig
+
+  done
+
+fi
+
+rm -f $randfile
+
+
+# vim: ts=4 expandtab
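Review bot: This script cannot run as committed: `clear_randfile()` and the `if [ ! -f "${conffile}" ] ; then` block both have empty `then` bodies, which bash rejects as a syntax error before executing anything, and everything after `exit 0` is the pasted apache2 loop, i.e. dead code that should be removed or finished. Iterating `"${BASH_ARGV[@]}"` is also fragile — it holds the arguments in reverse order and is documented as reliable only under `shopt -s extdebug` — so `"$@"` with a `$#` guard is the idiomatic form; the rewritten parts are sketched below. The header comment still describes Courier-IMAP/POP3 rather than stunnel, and `prefix`, `days` and `do_install` are set but never used in the live part of the script.

```shell
if [ $# -eq 0 ]; then
    echo "No instances to generate certificates given." >&2
    exit 1
fi
# … unchanged: rand file generation …
clear_randfile() {
    if [ -f "${randfile}" ] ; then
        rm -f "${randfile}"
    fi
}
trap clear_randfile INT TERM EXIT
for i in "$@"; do
    # … unchanged: banner, target_dir creation, pemfile/conffile assignment …
    if [ ! -f "${conffile}" ] ; then
        echo "${conffile} does not exist!" >&2
        exit 2
    fi
done
```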
diff --git a/ssl/CA-Brehm/stunnel/stunnel-cert.cnf b/ssl/CA-Brehm/stunnel/stunnel-cert.cnf
new file mode 100644 (file)
index 0000000..dabb192
--- /dev/null
@@ -0,0 +1,22 @@
+RANDFILE = /usr/share/webmail.rand
+
+[ req ]
+default_bits = 1024
+encrypt_key = yes
+distinguished_name = req_dn
+x509_extensions = cert_type
+prompt = no
+
+[ req_dn ]
+C=DE
+ST=Berlin
+L=Berlin
+O=Brehm
+OU=Frank Brehm SSL Key
+CN=myadmin.brehm-online.com
+emailAddress=frank@brehm-online.com
+
+
+[ cert_type ]
+nsCertType = server
+
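Review bot: This file is byte-identical to apache2/myadmin-cert.cnf (both are blob dabb192), so a stunnel certificate generated from it would carry `CN=myadmin.brehm-online.com`, `OU=Frank Brehm SSL Key` and `RANDFILE = /usr/share/webmail.rand`; the CN has to be the host name stunnel's clients connect to, and the OU should say what the key is for. It also seems not to be where stunnel/mkcert looks: that script builds the path `${CADir}/${i}/${i}-cert.cnf`, which `ssl/CA-Brehm/stunnel/stunnel-cert.cnf` does not match for any instance name.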
diff --git a/ssl/CA-Brehm/stunnel/stunnel.rand b/ssl/CA-Brehm/stunnel/stunnel.rand
new file mode 100644 (file)
index 0000000..5f47e05
Binary files /dev/null and b/ssl/CA-Brehm/stunnel/stunnel.rand differ
diff --git a/ssl/CA-Brehm/uhu.txt b/ssl/CA-Brehm/uhu.txt
new file mode 100644 (file)
index 0000000..5c01c23
--- /dev/null
@@ -0,0 +1 @@
+up2UdLCE
index 18760c6e673d76ea7d83995e7b6dc5ec48839adb..0eda4baae180ec2c54b717b195d1d7615f28c200 100644 (file)
@@ -39,7 +39,7 @@ default_ca    = CA_default            # The default ca section
 ####################################################################
 [ CA_default ]
 
-dir            = ./demoCA              # Where everything is kept
+dir            = /etc/ssl/CA-Brehm     # Where everything is kept
 certs          = $dir/certs            # Where the issued certs are kept
 crl_dir                = $dir/crl              # Where the issued crl are kept
 database       = $dir/index.txt        # database index file.
@@ -52,7 +52,7 @@ serial                = $dir/serial           # The current serial number
 crlnumber      = $dir/crlnumber        # the current crl number
                                        # must be commented out to leave a V1 CRL
 crl            = $dir/crl.pem          # The current CRL
-private_key    = $dir/private/cakey.pem# The private key
+private_key    = $dir/private/cakey.pem        # The private key
 RANDFILE       = $dir/private/.rand    # private random number file
 
 x509_extensions        = usr_cert              # The extentions to add to the cert
@@ -70,7 +70,7 @@ cert_opt      = ca_default            # Certificate field options
 # crlnumber must also be commented out to leave a V1 CRL.
 # crl_extensions       = crl_ext
 
-default_days   = 365                   # how long to certify for
+default_days   = 1875                  # how long to certify for
 default_crl_days= 30                   # how long before next CRL
 default_md     = default               # use public key default MD
 preserve       = no                    # keep passed DN ordering
@@ -83,8 +83,8 @@ policy                = policy_match
 # For the CA policy
 [ policy_match ]
 countryName            = match
-stateOrProvinceName    = match
-organizationName       = match
+stateOrProvinceName    = optional
+organizationName       = optional
 organizationalUnitName = optional
 commonName             = supplied
 emailAddress           = optional
@@ -126,12 +126,12 @@ string_mask = utf8only
 
 [ req_distinguished_name ]
 countryName                    = Country Name (2 letter code)
-countryName_default            = AU
+countryName_default            = DE
 countryName_min                        = 2
 countryName_max                        = 2
 
 stateOrProvinceName            = State or Province Name (full name)
-stateOrProvinceName_default    = Some-State
+stateOrProvinceName_default    = Berlin
 
 localityName                   = Locality Name (eg, city)
 
diff --git a/ssl/openssl.cnf.default b/ssl/openssl.cnf.default
new file mode 100644 (file)
index 0000000..18760c6
--- /dev/null
@@ -0,0 +1,350 @@
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME                   = .
+RANDFILE               = $ENV::HOME/.rnd
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file              = $ENV::HOME/.oid
+oid_section            = new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions           = 
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca', 'req' and 'ts'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+# Policies used by the TSA examples.
+tsa_policy1 = 1.2.3.4.1
+tsa_policy2 = 1.2.3.4.5.6
+tsa_policy3 = 1.2.3.4.5.7
+
+####################################################################
+[ ca ]
+default_ca     = CA_default            # The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir            = ./demoCA              # Where everything is kept
+certs          = $dir/certs            # Where the issued certs are kept
+crl_dir                = $dir/crl              # Where the issued crl are kept
+database       = $dir/index.txt        # database index file.
+#unique_subject        = no                    # Set to 'no' to allow creation of
+                                       # several ctificates with same subject.
+new_certs_dir  = $dir/newcerts         # default place for new certs.
+
+certificate    = $dir/cacert.pem       # The CA certificate
+serial         = $dir/serial           # The current serial number
+crlnumber      = $dir/crlnumber        # the current crl number
+                                       # must be commented out to leave a V1 CRL
+crl            = $dir/crl.pem          # The current CRL
+private_key    = $dir/private/cakey.pem# The private key
+RANDFILE       = $dir/private/.rand    # private random number file
+
+x509_extensions        = usr_cert              # The extentions to add to the cert
+
+# Comment out the following two lines for the "traditional"
+# (and highly broken) format.
+name_opt       = ca_default            # Subject Name options
+cert_opt       = ca_default            # Certificate field options
+
+# Extension copying option: use with caution.
+# copy_extensions = copy
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crlnumber must also be commented out to leave a V1 CRL.
+# crl_extensions       = crl_ext
+
+default_days   = 365                   # how long to certify for
+default_crl_days= 30                   # how long before next CRL
+default_md     = default               # use public key default MD
+preserve       = no                    # keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy         = policy_match
+
+# For the CA policy
+[ policy_match ]
+countryName            = match
+stateOrProvinceName    = match
+organizationName       = match
+organizationalUnitName = optional
+commonName             = supplied
+emailAddress           = optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName            = optional
+stateOrProvinceName    = optional
+localityName           = optional
+organizationName       = optional
+organizationalUnitName = optional
+commonName             = supplied
+emailAddress           = optional
+
+####################################################################
+[ req ]
+default_bits           = 1024
+default_keyfile        = privkey.pem
+distinguished_name     = req_distinguished_name
+attributes             = req_attributes
+x509_extensions        = v3_ca # The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options. 
+# default: PrintableString, T61String, BMPString.
+# pkix  : PrintableString, BMPString (PKIX recommendation before 2004)
+# utf8only: only UTF8Strings (PKIX recommendation after 2004).
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings.
+string_mask = utf8only
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName                    = Country Name (2 letter code)
+countryName_default            = AU
+countryName_min                        = 2
+countryName_max                        = 2
+
+stateOrProvinceName            = State or Province Name (full name)
+stateOrProvinceName_default    = Some-State
+
+localityName                   = Locality Name (eg, city)
+
+0.organizationName             = Organization Name (eg, company)
+0.organizationName_default     = Internet Widgits Pty Ltd
+
+# we can do this but it is not needed normally :-)
+#1.organizationName            = Second Organization Name (eg, company)
+#1.organizationName_default    = World Wide Web Pty Ltd
+
+organizationalUnitName         = Organizational Unit Name (eg, section)
+#organizationalUnitName_default        =
+
+commonName                     = Common Name (e.g. server FQDN or YOUR name)
+commonName_max                 = 64
+
+emailAddress                   = Email Address
+emailAddress_max               = 64
+
+# SET-ex3                      = SET extension number 3
+
+[ req_attributes ]
+challengePassword              = A challenge password
+challengePassword_min          = 4
+challengePassword_max          = 20
+
+unstructuredName               = An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType                   = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment                      = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl             = http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+# This is required for TSA certificates.
+# extendedKeyUsage = critical,timeStamping
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always
+
+[ proxy_cert_ext ]
+# These extensions should be added when creating a proxy certificate
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType                   = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment                      = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl             = http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+# This really needs to be in place for it to be a proxy certificate.
+proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
+
+####################################################################
+[ tsa ]
+
+default_tsa = tsa_config1      # the default TSA section
+
+[ tsa_config1 ]
+
+# These are used by the TSA reply generation only.
+dir            = ./demoCA              # TSA root directory
+serial         = $dir/tsaserial        # The current serial number (mandatory)
+crypto_device  = builtin               # OpenSSL engine to use for signing
+signer_cert    = $dir/tsacert.pem      # The TSA signing certificate
+                                       # (optional)
+certs          = $dir/cacert.pem       # Certificate chain to include in reply
+                                       # (optional)
+signer_key     = $dir/private/tsakey.pem # The TSA private key (optional)
+
+default_policy = tsa_policy1           # Policy if request did not specify it
+                                       # (optional)
+other_policies = tsa_policy2, tsa_policy3      # acceptable policies (optional)
+digests                = md5, sha1             # Acceptable message digests (mandatory)
+accuracy       = secs:1, millisecs:500, microsecs:100  # (optional)
+clock_precision_digits  = 0    # number of digits after dot. (optional)
+ordering               = yes   # Is ordering defined for timestamps?
+                               # (optional, default: no)
+tsa_name               = yes   # Must the TSA name be included in the reply?
+                               # (optional, default: no)
+ess_cert_id_chain      = no    # Must the ESS cert id chain be included?
+                               # (optional, default: no)
diff --git a/stunnel/old/stunnel.crt b/stunnel/old/stunnel.crt
new file mode 100644 (file)
index 0000000..0e84f80
--- /dev/null
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICxTCCAi6gAwIBAgIBAjANBgkqhkiG9w0BAQUFADCBqTELMAkGA1UEBhMCVVMx
+EzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbnRhIEJhcmJhcmExEzAR
+BgNVBAoTClNTTCBTZXJ2ZXIxIjAgBgNVBAsTGUZvciBUZXN0aW5nIFB1cnBvc2Vz
+IE9ubHkxFTATBgNVBAMTDGxvY2FsaG9zdCBDQTEdMBsGCSqGSIb3DQEJARYOcm9v
+dEBsb2NhbGhvc3QwHhcNMTIwMTMxMDgwODQyWhcNMTQwMTMwMDgwODQyWjCBpjEL
+MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbnRh
+IEJhcmJhcmExEzARBgNVBAoTClNTTCBTZXJ2ZXIxIjAgBgNVBAsTGUZvciBUZXN0
+aW5nIFB1cnBvc2VzIE9ubHkxEjAQBgNVBAMTCWxvY2FsaG9zdDEdMBsGCSqGSIb3
+DQEJARYOcm9vdEBsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB
+ALfGtvMfLVrk2M77BotkfYwFtMI7JGK8FVIxL0EmaEK/BeSvYAEvMkgrxlDvCYmF
+WrcYMJ4el+lguhtGJuD4qjsih0iX3fI5I0rFPi62Vr9KcjRo9pC6RL2Ew3XtLE5T
+Am68vS7ZleK9Vzh3eRY5ZXUlS3Dn6W6mA94RLeabu5erAgMBAAEwDQYJKoZIhvcN
+AQEFBQADgYEAs45mxYjtJiLLaI69hjlaEF+KE9mKqof9MW+yxFoX6iJothBnHZoq
+vxQizuKcb8kgjn5jq2Qpp1E0IPMcEDzsN9J7n0jSGTG5PcxWpo/lqWkSZg7mUwKc
+V0lquy4FDrJe51A8dNN+cd0JXsERKLqfKXonhFcVea9qzde+VHOBjlI=
+-----END CERTIFICATE-----
diff --git a/stunnel/old/stunnel.csr b/stunnel/old/stunnel.csr
new file mode 100644 (file)
index 0000000..68594ae
--- /dev/null
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIB5zCCAVACAQAwgaYxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh
+MRYwFAYDVQQHEw1TYW50YSBCYXJiYXJhMRMwEQYDVQQKEwpTU0wgU2VydmVyMSIw
+IAYDVQQLExlGb3IgVGVzdGluZyBQdXJwb3NlcyBPbmx5MRIwEAYDVQQDEwlsb2Nh
+bGhvc3QxHTAbBgkqhkiG9w0BCQEWDnJvb3RAbG9jYWxob3N0MIGfMA0GCSqGSIb3
+DQEBAQUAA4GNADCBiQKBgQC3xrbzHy1a5NjO+waLZH2MBbTCOyRivBVSMS9BJmhC
+vwXkr2ABLzJIK8ZQ7wmJhVq3GDCeHpfpYLobRibg+Ko7IodIl93yOSNKxT4utla/
+SnI0aPaQukS9hMN17SxOUwJuvL0u2ZXivVc4d3kWOWV1JUtw5+lupgPeES3mm7uX
+qwIDAQABoAAwDQYJKoZIhvcNAQEFBQADgYEANZdsszYbhiDnj3c6VzFIS8Lb69YE
+c0Tg5ZVA2sV7y7ixf+tGpiELCPJHTAG7jzI0S5wj9p8S0M13miHDVE+qasRYO7S9
+pZelxcgjXqSXA9WG3lGQ+URNJJ0c94grESMNRKGFaotme6SKN+ao9K/BoGlF183N
+2xWCg0W5UYynDJc=
+-----END CERTIFICATE REQUEST-----
diff --git a/stunnel/old/stunnel.key b/stunnel/old/stunnel.key
new file mode 100644 (file)
index 0000000..d369e99
--- /dev/null
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
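Review bot: A private key is being committed to the repository with file mode 100644, and the same applies to `stunnel/old/stunnel.pem` and `stunnel/stunnel.pem`, which bundle key and certificate in one file; the key bodies are elided in this view, but `stunnel/stunnel.pem` is what `key = /etc/stunnel/stunnel.pem` loads at unattended service start, so it is presumably not passphrase-protected. Anything that has entered git history should be treated as disclosed to everyone who can read the repository or its backups and mirrors, so the certificates should be reissued on fresh keys and the old material purged from history rather than parked under `old/`. On disk the key files should be owner-readable only (`0600`) and owned by the account stunnel runs as, and the repository's ignore list is the place for a pattern such as `*.key` and the specific `*.pem` files that contain private keys, so that etckeeper records the certificates but never the keys.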
diff --git a/stunnel/old/stunnel.pem b/stunnel/old/stunnel.pem
new file mode 100644 (file)
index 0000000..1f17529
--- /dev/null
@@ -0,0 +1,33 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
+
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
index 4aa8b8c5252ed7883b0dbef48fd77835e93b42c0..20709b75cca1bbc29e114a1b108e60754c7ddd2b 100644 (file)
@@ -3,8 +3,8 @@
 # Please make sure you understand them (especially the effect of chroot jail)
 
 # Certificate/key is needed in server mode and optional in client mode
-cert = /etc/stunnel/stunnel.pem
-key = /etc/stunnel/stunnel.pem
+cert = /etc/stunnel/stunnel.pem
+key = /etc/stunnel/stunnel.pem
 
 # Some security enhancements for UNIX systems - comment them out on Win32
 # chroot = /chroot/stunnel/
@@ -43,6 +43,10 @@ socket = r:TCP_NODELAY=1
 
 # Service-level configuration
 
+[postgres]
+accept = 5442
+connect = 5432
+
 #[pop3s]
 #accept  = 995
 #connect = 110
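Review bot: The new `[postgres]` service sets neither `verify` nor `CAfile`, and `accept = 5442` without a host part listens on every local address, so any host that can reach port 5442 obtains a TLS session that stunnel forwards in plaintext to PostgreSQL on 5432 (`connect` with no host means localhost). Because stunnel makes that hop locally, PostgreSQL sees every tunneled client as coming from 127.0.0.1, so `pg_hba.conf` rules keyed on source address — including any loopback `trust` line — apply to remote clients as well; please confirm the loopback rules require password or certificate authentication before enabling this. If only known clients should use the tunnel, stunnel's own client authentication can gate it: `verify = 2` together with `CAfile = <placeholder: path to the client CA bundle>`, and `accept = <placeholder: address>:5442` to bind only the intended interface; in either case a comment above the section naming the intended clients would document the trust decision.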
diff --git a/stunnel/stunnel.pem b/stunnel/stunnel.pem
new file mode 100644 (file)
index 0000000..dcd5cc9
--- /dev/null
@@ -0,0 +1,33 @@
+-----BEGIN PRIVATE KEY-----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+-----END PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----