Re: I'm concerned that I've done something stupid



On Aug 20, 2:27 pm, MikeEgglestonPointw...@xxxxxxxxx wrote:
On Aug 20, 11:46 am, Doug McIntyre <mer...@xxxxxxxxx> wrote:





MikeEgglestonPointw...@xxxxxxxxx writes:
I bought a SSL certificate from Network Solutions to authenticate
traveling users to some of my external services. Now that I have the
certificate, which is only a single file, how do I configure sendmail
to use/offer the certificate to remote connections? I have sendmail
configured with two files from a self-signed SSL certificate, and that
works, but how do I do this with a single file?

What's contained in the single file?

In order to obtain the Verisign CA signed cert, you must have
generated a key and a CSR from that key. Where is that key file, in a
separate file? The key never left your machine, only the CSR did. The
cert you got back was Verisign's signature on top of that specific key.
Without that key file, the cert is useless.

They would have sent you the cert then, so you should have two files, right?

You can merge the key file and cert file together if you want, I
prefer to keep them separate.

The sendmail config simply becomes

define(`confCACERT_PATH',`/etc/mail/certs')dnl
define(`confCACERT',`/etc/mail/certs/ca-bundle.crt')dnl
define(`confSERVER_CERT',`/etc/mail/certs/sendmail.pem')dnl
define(`confSERVER_KEY',`/etc/mail/certs/sendmail.key')dnl
define(`confCLIENT_CERT',`/etc/mail/certs/sendmail.pem')dnl
define(`confCLIENT_KEY',`/etc/mail/certs/sendmail.key')dnl

ca-bundle.crt is the same as before, it doesn't change.

sendmail.pem is the cert you got back from Verisign. sendmail.key is
the key used to generate the CSR that Verisign signed and sent
back. After your cert is done, the CSR is useless and can be thrown away.
But the key file is required, as well as the cert file.

I didn't realize I needed to use the csr I generated originally. I'll
try that and post back.

Thanks a bunch.

Mike

I think the certificate is working. I tested with Outlook and got a
warning about the certificate. I was told the Network Solutions
certificate (and root certificates?) would not generate a prompt/warning
from Outlook. How can I verify that sendmail is serving the
right certificate?

Mike
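
One way to check the points raised in this thread, as an added example that is not part of the original messages: confirm the key belongs to the cert, confirm the cert verifies against the CA bundle, and compare the cert on disk with the one sendmail presents after STARTTLS. The file paths follow the config quoted above; the host name and port given on the command line are assumptions.

```sh
#!/bin/sh
# Added example, not from the thread. File paths follow the config quoted
# above; the host name and port passed on the command line are assumptions.

CERT=${CERT:-/etc/mail/certs/sendmail.pem}
KEY=${KEY:-/etc/mail/certs/sendmail.key}
CA=${CA:-/etc/mail/certs/ca-bundle.crt}

# True when the private key in $2 belongs to the certificate in $1: both
# must yield the same public key. Returns 2 if either file is unreadable.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# SHA-256 fingerprint of a certificate file.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# SHA-256 fingerprint of the certificate the server presents after STARTTLS.
served_fingerprint() {
    openssl s_client -connect "$1:$2" -starttls smtp -servername "$1" \
        </dev/null 2>/dev/null |
        openssl x509 -noout -fingerprint -sha256 | cut -d= -f2
}

# True when the certificate in $1 chains to a CA in the bundle $2.
chain_ok() {
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

check_all() {   # usage: check_all <host> [port]
    key_matches_cert "$CERT" "$KEY" || { echo "key does not match cert"; return 1; }
    chain_ok "$CERT" "$CA" || echo "cert does not verify against $CA"
    local_fp=$(cert_fingerprint "$CERT")
    remote_fp=$(served_fingerprint "$1" "${2:-25}")
    echo "on disk: $local_fp"
    echo "served:  $remote_fp"
    [ -n "$remote_fp" ] && [ "$local_fp" = "$remote_fp" ]
}

# Run the checks only when a host name is given on the command line.
if [ $# -ge 1 ]; then check_all "$@"; fi
```

Run it on the mail server with the server's public host name as the first argument; a non-zero exit means the key does not match or the served certificate differs from the file on disk.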