[rhn-users] RH EL 3 and STARTTLS

Ken Smith kens at kensnet.org
Tue Aug 24 16:45:24 UTC 2004


Hi,

This is my first post to this list and I have a question about STARTTLS. I
have found many pages on the net about it but no definitive Mini How To. I
just seem to be finding bits of the jigsaw but no whole picture yet and the
RH docs seem silent on this subject...

I have also found many people asking what I'm about to ask...

My logfiles have complaints like this..

STARTTLS=client: file /etc/mail/certs/key.pem unsafe: No such file or directory: 372 Time(s)
STARTTLS=client: file /etc/mail/certs/cacert.pem unsafe: No such file or directory: 372 Time(s)
STARTTLS=client: file /etc/mail/certs/cert.pem unsafe: No such file or directory: 372 Time(s)
STARTTLS=client, error: load verify locs /etc/mail/certs, /etc/mail/certs/cacert.pem failed: 0: 372 Time(s)


I found some docs about using the Makefile in /usr/share/ssl/certs but
running

make sendmail.pem

certainly creates a file called sendmail.pem but what is that - a key file?
A signed one or what?

The directory /etc/mail/certs does not exist on my system. I know I can
create it. But it seems strange that sendmail.mc has STARTTLS enabled by
default but the /etc/mail/certs directory is missing and the makecerts.sh
file referred to in the comments is nowhere to be found!

It sounds like STARTTLS configuration is something that just wasn't finished
before release.

I don't really want to become Western Europe's Guru on TLS. I just would
like to get it working. I do have a basic understanding of public/private
key security. So does anyone have a pointer to a simple recipe style
"how-to" to get this working that I can follow without becoming a
cryptology expert?

Thanks for your patience

Ken
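
One way to see what a file such as sendmail.pem actually holds, as an added example that is not part of the original post and is not Red Hat's or sendmail's own tooling: the script lists the PEM block labels in a file, classifies it as key, certificate or both, and checks that it has no group/other permission bits. The function names and the sample data are constructed for illustration, and the permission rule is an assumption about how a private-key file should be protected.

```shell
#!/bin/sh
# Added example: what does a .pem file hold, and is it protected like a key file?

# Print the label of every "-----BEGIN <label>-----" line in FILE.
pem_blocks() {
    sed -n 's/^-----BEGIN \(.*\)-----$/\1/p' "$1"
}

# Classify FILE as: key+cert, key, cert, or none.
pem_kind() {
    has_key=no; has_cert=no
    while IFS= read -r label; do
        case "$label" in
            *"PRIVATE KEY") has_key=yes ;;
            CERTIFICATE|"X509 CERTIFICATE"|"TRUSTED CERTIFICATE") has_cert=yes ;;
        esac
    done <<EOF
$(pem_blocks "$1")
EOF
    case "$has_key$has_cert" in
        yesyes) echo key+cert ;;
        yesno)  echo key ;;
        noyes)  echo cert ;;
        *)      echo none ;;
    esac
}

# Succeed only if FILE has no group/other permission bits set (assumed rule).
key_mode_ok() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Constructed sample: marker lines with dummy bodies, not real key material.
write_sample() {
    cat > "$1" <<'EOF'
-----BEGIN RSA PRIVATE KEY-----
Q09OU1RSVUNURUQgU0FNUExF
-----END RSA PRIVATE KEY-----

-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQgU0FNUExF
-----END CERTIFICATE-----
EOF
}

# Usage: sh pemcheck.sh /path/to/file.pem
if [ $# -gt 0 ]; then
    echo "$1: $(pem_kind "$1")"
    key_mode_ok "$1" || echo "$1: accessible by group/other"
fi
```

A result of key+cert means the private key and the certificate sit in one file; the script only reads block labels and does not show who signed the certificate.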






