Sendmail SSL/TLS dummy Certs

Rick Stevens rstevens at vitalstream.com
Fri May 7 18:11:15 UTC 2004


Scott Taylor wrote:
> Hello,
> 
> I just set up my first Enterprise Linux ES server to replace an old mail
> server.
> 
> I have Apache running with SSL and self signed certificates, only problem
> I'm having is the Sendmail certificates.  Sendmail is using the dummy
> certs and I can't for the life of me find them or figure out how to
> replace them.  So, of course all my users are getting errors that the
> hostname doesn't match the name in the cert.
> 
> Can someone please point me to the right docs or a how-to or even
> instructions on how to replace the sendmail dummy certs with my own?

You need to edit your /etc/mail/sendmail.mc file and change the
following macros:

define(`CERT_DIR', `/path/to/your/certificates')
define(`confCACERT_PATH', `CERT_DIR')
define(`confCACERT',`CERT_DIR`'/cacert.pem')
define(`confSERVER_CERT',`CERT_DIR`'/client.cert.pem')
define(`confSERVER_KEY',`CERT_DIR`'/client.key.pem')
define(`confCLIENT_CERT',`CERT_DIR`'/client.cert.pem')
define(`confCLIENT_KEY',`CERT_DIR`'/client.key.pem')

That assumes you use the same keys for both client and server.  If you
want to use different files, change the appropriate lines.  Once you
make these changes, "/etc/rc.d/init.d/sendmail restart" should rebuild
your /etc/mail/sendmail.cf file and you should be using your new certs.

I HIGHLY recommend you get a copy of the "Bat" book if you intend to do
anything with sendmail.  It's $60 US and worth every penny.  The stuff I
just described is on page 420 of the 3rd edition of the book.  Get it.

The "Bat" book:

	sendmail, 3rd Edition
	By Bryan Costales and Eric Allman
	O'Reilly & Associates, 2003
	http://www.oreilly.com
----------------------------------------------------------------------
- Rick Stevens, Senior Systems Engineer     rstevens at vitalstream.com -
- VitalStream, Inc.                       http://www.vitalstream.com -
-                                                                    -
-        "More hay, Trigger?" "No thanks, Roy, I'm stuffed!"         -
----------------------------------------------------------------------
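
An added example, not part of the message above and not sendmail's own code: a Python check that reads the define() lines from the reply, expands CERT_DIR the way the `' separator intends, and reports certificate files that are missing and key files whose mode grants any access to group or other. The temporary directory and empty files are constructed sample input; parse_defines, audit and demo are hypothetical helper names.

```python
import os
import re
import stat
import tempfile

# Matches define(`NAME', `VALUE') lines as they appear in sendmail.mc.
DEFINE_RE = re.compile(r"^define\(`(\w+)',\s*`(.*)'\)")
KEY_MACROS = {"confSERVER_KEY", "confCLIENT_KEY"}
FILE_MACROS = {"confCACERT", "confSERVER_CERT", "confCLIENT_CERT"} | KEY_MACROS
# Constructed sample: the seven defines from the message; %s is the cert directory.
SAMPLE_MC = """define(`CERT_DIR', `%s')
define(`confCACERT_PATH', `CERT_DIR')
define(`confCACERT',`CERT_DIR`'/cacert.pem')
define(`confSERVER_CERT',`CERT_DIR`'/client.cert.pem')
define(`confSERVER_KEY',`CERT_DIR`'/client.key.pem')
define(`confCLIENT_CERT',`CERT_DIR`'/client.cert.pem')
define(`confCLIENT_KEY',`CERT_DIR`'/client.key.pem')
"""

def parse_defines(mc_text):
    """Return {macro: value} with earlier macros such as CERT_DIR expanded."""
    defines = {}
    for line in mc_text.splitlines():
        m = DEFINE_RE.match(line.strip())
        if m:
            name, value = m.group(1), m.group(2).replace("`'", "")  # `' is an empty separator
            for known, expansion in defines.items():
                value = re.sub(r"\b%s\b" % re.escape(known), lambda _: expansion, value)
            defines[name] = value
    return defines

def audit(mc_text):
    """Return (macro, path, problem) tuples for the TLS file macros, sorted by macro."""
    findings = []
    for macro, path in sorted(parse_defines(mc_text).items()):
        if macro in FILE_MACROS and not os.path.isfile(path):
            findings.append((macro, path, "missing"))
        elif macro in KEY_MACROS and stat.S_IMODE(os.stat(path).st_mode) & 0o077:
            findings.append((macro, path, "key accessible by group/other"))
    return findings

def demo():
    """Constructed case: cert and key both left at mode 0644, CA file absent."""
    with tempfile.TemporaryDirectory() as d:
        for name in ("client.cert.pem", "client.key.pem"):
            path = os.path.join(d, name)
            open(path, "w").close()
            os.chmod(path, 0o644)
        return [(m, os.path.basename(p), why) for m, p, why in audit(SAMPLE_MC % d)]
```

To check a real host, pass the contents of /etc/mail/sendmail.mc to audit(); an empty list means every referenced file exists and both key files are owner-only.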




