[Gllug] STARTTLS RH 3 Config

Ken Smith kens at kensnet.org
Tue Aug 24 17:58:56 UTC 2004


Hi,

Looking round the web I have found many pages, very confusing and mutually
contradictory, but no definitive "Mini How To" to get this going. I just
seem to be finding bits of the jigsaw but no whole picture yet and the RH
docs seem silent on this subject...

I have also found many people asking what I'm about to ask...

My logfiles have entries like this...

STARTTLS=client: file /etc/mail/certs/key.pem unsafe: No such file or directory: 372 Time(s)
STARTTLS=client: file /etc/mail/certs/cacert.pem unsafe: No such file or directory: 372 Time(s)
STARTTLS=client: file /etc/mail/certs/cert.pem unsafe: No such file or directory: 372 Time(s)
STARTTLS=client, error: load verify locs /etc/mail/certs, /etc/mail/certs/cacert.pem failed: 0: 372 Time(s)


I found some info about using the Makefile in /usr/share/ssl/certs that says
to run

make sendmail.pem

that certainly creates a file called sendmail.pem but I don't know what that
file is - a key file? A signed one or what?

The directory /etc/mail/certs does not exist on this system. I know I can
create it. But it seems strange that sendmail.mc has STARTTLS enabled by
default but the /etc/mail/certs directory is missing and the makecerts.sh
file mentioned in the comments in sendmail.mc file is nowhere to be found!

It sounds like STARTTLS configuration is something that just wasn't finished
before RH 3 release.

I don't really want to become a guru on TLS. I just would like to get it
working. I do have a basic understanding of public/private key security. So
does anyone have a pointer to a simple recipe style "how-to" to get this
working that I can follow without becoming a cryptology expert? Once I've
cracked it I'll publish a How-To if there isn't one already.

Thanks for your patience

Ken



-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
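
Added example, not part of the original post and not Red Hat's or sendmail's own tooling: a shell check that reports whether the three files named in the log lines exist under a directory, and which PEM objects (private key, certificate, request) a file such as sendmail.pem holds. The function names and the group/other-readable warning are assumptions of this example.

```shell
#!/bin/sh
# Added example: inspect the PEM files that the STARTTLS log lines name.

# File names taken from the log lines in the post.
TLS_FILES="key.pem cert.pem cacert.pem"

# Print one PEM block label per line, e.g. "RSA PRIVATE KEY".
pem_labels() {
    sed -n 's/^-----BEGIN \(.*\)-----$/\1/p' "$1"
}

# Summarise a file as key, cert, csr, a "+" combination, or none.
pem_kind() {
    labels=$(pem_labels "$1")
    kind=""
    if printf '%s\n' "$labels" | grep -q 'PRIVATE KEY$'; then kind="key"; fi
    if printf '%s\n' "$labels" | grep -qx 'CERTIFICATE'; then kind="${kind:+$kind+}cert"; fi
    if printf '%s\n' "$labels" | grep -q 'CERTIFICATE REQUEST$'; then kind="${kind:+$kind+}csr"; fi
    echo "${kind:-none}"
}

# Report each expected file in DIR as missing or by its contents.
check_tls_dir() {
    dir=$1
    for name in $TLS_FILES; do
        path="$dir/$name"
        if [ ! -f "$path" ]; then
            echo "$name: missing"
            continue
        fi
        found=$(pem_kind "$path")
        note=""
        case "$found" in
            *key*)
                # Assumption of this example: flag a private key that
                # group or other users can read.
                if [ -n "$(find "$path" \( -perm -040 -o -perm -004 \))" ]; then
                    note=" (private key readable by group/other)"
                fi ;;
        esac
        echo "$name: $found$note"
    done
}

# Usage: sh check.sh /etc/mail/certs
if [ "$#" -gt 0 ]; then check_tls_dir "$1"; fi
```
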