Re: I'm concerned that I've done something stupid



On Aug 20, 2:27 pm, MikeEgglestonPointw...@xxxxxxxxx wrote:
On Aug 20, 11:46 am, Doug McIntyre <mer...@xxxxxxxxx> wrote:





MikeEgglestonPointw...@xxxxxxxxx writes:
I bought a SSL certificate from Network Solutions to authenticate
traveling users to some of my external services. Now that I have the
certificate, which is only a single file, how do I configure sendmail
to use/offer the certificate to remote connections? I have sendmail
configured with two files from a self-signed SSL certificate, and that
works, but how do I do this with a single file?

What's contained in the single file?

In order to obtain the Verisign CA signed cert, you must have
generated a key and a CSR from that key. Where is that key file, in a
separate file? The key never left your machine, only the CSR did. The
cert you got back was Verisign's signature on top of that specific key.
Without that key file, the cert is useless.

They would have sent you the cert then, so you should have two files right?

You can merge the key file and cert file together if you want, I
prefer to keep them separate.

The sendmail config simply becomes

define(`confCACERT_PATH',`/etc/mail/certs')dnl
define(`confCACERT',`/etc/mail/certs/ca-bundle.crt')dnl
define(`confSERVER_CERT',`/etc/mail/certs/sendmail.pem')dnl
define(`confSERVER_KEY',`/etc/mail/certs/sendmail.key')dnl
define(`confCLIENT_CERT',`/etc/mail/certs/sendmail.pem')dnl
define(`confCLIENT_KEY',`/etc/mail/certs/sendmail.key')dnl

ca-bundle.crt is the same as before, it doesn't change.

sendmail.pem is the cert you got back from Verisign. sendmail.key is
the key used to generate the CSR that Verisign signed and sent
back. After your cert is done, the CSR is useless and can be thrown away.
But the key file is required, as well as the cert file.

I didn't realize I needed to use the csr I generated originally. I'll
try that and post back.

Thanks a bunch.

Mike

I think the certificate is working. I tested with Outlook and got a
warning about the certificate. I was told the Network Solutions
certificate (and root certificates?) would not generate a prompt/
warning from Outlook. How can I verify that sendmail is serving the
right certificate?

Mike
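
Added example (not part of the thread, and not code from either poster): a shell script for the point made above that the cert is only usable with the key its CSR was generated from, checked by comparing public keys with the openssl CLI. The key, CSR and self-signed certificate are constructed in a temporary directory as stand-ins for the real files, and the host passed to served_cert_pubkey is a placeholder.

```bash
#!/usr/bin/env bash
# Added example: does this certificate belong to this private key?
# Each helper prints the PEM-encoded public key embedded in its input.
cert_pubkey() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }
key_pubkey()  { openssl pkey -in "$1" -pubout 2>/dev/null; }
csr_pubkey()  { openssl req  -in "$1" -noout -pubkey 2>/dev/null; }

# Public key of the certificate a live SMTP server presents after STARTTLS.
# $1 = host:port (placeholder value; needs network access, not run in the demo).
served_cert_pubkey() {
  openssl s_client -connect "$1" -starttls smtp </dev/null 2>/dev/null |
    openssl x509 -noout -pubkey 2>/dev/null
}

# True only when both public keys were read successfully and are identical.
# The non-empty check stops two unreadable files from comparing as "equal".
same_keypair() { [ -n "$1" ] && [ "$1" = "$2" ]; }

cert_matches_key() { same_keypair "$(cert_pubkey "$1")" "$(key_pubkey "$2")"; }
csr_matches_key()  { same_keypair "$(csr_pubkey "$1")"  "$(key_pubkey "$2")"; }

# Build constructed sample files in directory $1: the key that made the CSR,
# an unrelated key, the CSR, and a self-signed cert standing in for the CA's.
make_samples() {
  openssl genrsa -out "$1/sendmail.key" 2048 2>/dev/null &&
  openssl genrsa -out "$1/other.key" 2048 2>/dev/null &&
  openssl req -new -key "$1/sendmail.key" -subj "/CN=mail.example.test" \
    -out "$1/sendmail.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/sendmail.csr" -signkey "$1/sendmail.key" \
    -days 1 -out "$1/sendmail.pem" 2>/dev/null
}

demo() {
  d=$(mktemp -d) || return 1
  make_samples "$d" || { rm -rf "$d"; return 1; }
  if cert_matches_key "$d/sendmail.pem" "$d/sendmail.key"; then
    echo "sendmail.pem matches sendmail.key"
  fi
  if ! cert_matches_key "$d/sendmail.pem" "$d/other.key"; then
    echo "sendmail.pem does NOT match other.key"
  fi
  rm -rf "$d"
}
demo
```

Against a running server, same_keypair "$(served_cert_pubkey mail.example.test:25)" "$(cert_pubkey /etc/mail/certs/sendmail.pem)" tells you whether the certificate being served carries the same public key as the file on disk.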