Sendmail SSL/TLS dummy Certs
Rick Stevens
rstevens at vitalstream.com
Fri May 7 18:11:15 UTC 2004
Scott Taylor wrote:
> Hello,
>
> I just set up my first Enterprise Linux ES server to replace an old mail
> server.
>
> I have Apache running with SSL and self signed certificates, only problem
> I'm having is the Sendmail certificates. Sendmail is using the dummy
> certs and I can't for the life of me find them or figure out how to
> replace them. So, of course all my users are getting errors that the
> hostname doesn't match the name in the cert.
>
> Can someone please point me to the right docs or a how-to or even
> instructions on how to replace the sendmail dummy certs with my own?

You need to edit your /etc/mail/sendmail.mc file and change the
following macros:

    define(`CERT_DIR', `/path/to/your/certificates')
    define(`confCACERT_PATH', `CERT_DIR')
    define(`confCACERT',`CERT_DIR`'/cacert.pem')
    define(`confSERVER_CERT',`CERT_DIR`'/client.cert.pem')
    define(`confSERVER_KEY',`CERT_DIR`'/client.key.pem')
    define(`confCLIENT_CERT',`CERT_DIR`'/client.cert.pem')
    define(`confCLIENT_KEY',`CERT_DIR`'/client.key.pem')

That assumes you use the same keys for both client and server. If you
want to use different files, change the appropriate lines. Once you
make these changes, "/etc/rc.d/init.d/sendmail restart" should rebuild
your /etc/mail/sendmail.cf file and you should be using your new certs.

I HIGHLY recommend you get a copy of the "Bat" book if you intend to do
anything with sendmail. It's $60 US and worth every penny. The stuff I
just described is on page 420 of the 3rd edition of the book. Get it.

The "Bat" book:

    sendmail, 3rd Edition
    By Bryan Costales and Eric Allman
    O'Reilly & Associates, 2003
    http://www.oreilly.com

----------------------------------------------------------------------
- Rick Stevens, Senior Systems Engineer rstevens at vitalstream.com -
- VitalStream, Inc. http://www.vitalstream.com -
- -
- "More hay, Trigger?" "No thanks, Roy, I'm stuffed!" -
----------------------------------------------------------------------
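
A pre-restart check for the macros in the reply above, as an added example that is not part of the original post: it resolves each TLS macro in a sendmail.mc to a path, confirms the file exists, and flags a private key that group or others can access, which sendmail refuses to use (a behaviour the post does not mention). The function names are hypothetical, and only the plain define form with a CERT_DIR prefix shown in the post is handled.

```shell
# Resolve the TLS file macros from a sendmail.mc and check each target.
# Handles only define(`NAME', `value') with a CERT_DIR prefix; not a full m4 evaluator.

mc_value() {   # print the value macro $2 is given in mc file $1
    sed -n "s/^define(\`$2',[[:space:]]*\`\(.*\)').*\$/\1/p" "$1" | tail -n 1
}

resolve() {    # expand a leading CERT_DIR or CERT_DIR`' in value $2
    dir=$(mc_value "$1" CERT_DIR)
    case $2 in
        "CERT_DIR\`'"*) printf '%s\n' "$dir${2#CERT_DIR??}" ;;
        CERT_DIR)       printf '%s\n' "$dir" ;;
        *)              printf '%s\n' "$2" ;;
    esac
}

check_sendmail_tls() {   # returns 0 only if every macro resolves cleanly
    mc=$1; rc=0
    for m in confCACERT_PATH confCACERT confSERVER_CERT confSERVER_KEY \
             confCLIENT_CERT confCLIENT_KEY; do
        raw=$(mc_value "$mc" "$m")
        if [ -z "$raw" ]; then echo "UNDEFINED $m"; rc=1; continue; fi
        path=$(resolve "$mc" "$raw")
        if [ ! -e "$path" ]; then echo "NOFILE    $m -> $path"; rc=1; continue; fi
        case $m in *_KEY)
            # sendmail rejects a private key that group or others can access
            if [ "$(ls -ldL "$path" | cut -c5-10)" != "------" ]; then
                echo "UNSAFE    $m -> $path"; rc=1; continue
            fi ;;
        esac
        echo "OK        $m -> $path"
    done
    return $rc
}

make_sample() {   # constructed sample: the post's macros pointing at dir $1
    cat > "$1/sendmail.mc" <<EOF
define(\`CERT_DIR', \`$1')
define(\`confCACERT_PATH', \`CERT_DIR')
define(\`confCACERT',\`CERT_DIR\`'/cacert.pem')
define(\`confSERVER_CERT',\`CERT_DIR\`'/client.cert.pem')
define(\`confSERVER_KEY',\`CERT_DIR\`'/client.key.pem')
define(\`confCLIENT_CERT',\`CERT_DIR\`'/client.cert.pem')
define(\`confCLIENT_KEY',\`CERT_DIR\`'/client.key.pem')
EOF
    touch "$1/cacert.pem" "$1/client.cert.pem" "$1/client.key.pem"
    chmod 644 "$1/cacert.pem" "$1/client.cert.pem"; chmod 600 "$1/client.key.pem"
}
```

On a real host, run `check_sendmail_tls /etc/mail/sendmail.mc`; `make_sample` only builds a throwaway directory to try the check against.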