CACertFile

File containing certificate authority certs (V8.11 and later)

STARTTLS and stream encryption are discussed in detail in STARTTLS on page 202. Among the items you must provide is a file containing the certificate of the authority that signed your local server certificate (ServerCertFile on page 1087) and client certificate (ClientCertFile on page 984). This certificate authority (CA) certificate carries the authority's distinguished name (DN), which is sent to the connecting or connected-to site during the TLS handshake. The location of the CA certificate file is specified with this CACertFile option, using a declaration that looks like this:

O CACertFile=path                ← configuration file (V8.11 and later)
-OCACertFile=path                ← command line (V8.11 and later)
define(`confCACERT',`path')      ← mc configuration (V8.11 and later)

Here, path is a full path specification of the file containing the CA certificate. The path can contain sendmail macros, and if so, those macros will be expanded (their values used) when the configuration file, or command line, is read:

define(`confCACERT', `${MyCERTPath}/CAcert.pem')

The path must be a full pathname (it must begin with a slash). The file must live in a safe directory (every component of the path writable only by root or the user named by the TrustedUser option) and must itself be safe (owned by, and writable only by, root or that trusted user; see TrustedUser on page 1112). If either check fails, the file is rejected and an error such as the following is logged:

STARTTLS=server: ...
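The following shell script is an added example, not code from the sendmail book or from the sendmail sources, that applies the safety rules above to a candidate CACertFile path before sendmail gets a chance to reject it. It walks every prefix of the path from / down, requiring each component to be owned by root or by the user named in TrustedUser (passed as the second argument; the default of root is an assumption) and to have no group or world write bit. The helper names check_safe_path, check_one and component_is_safe are hypothetical, and the ls -ld parsing is a portable approximation of the stat-based check sendmail performs internally.

```shell
#!/bin/sh
# Added example (not from the sendmail book or sources): verify that a
# CACertFile path satisfies the "safe" rules before sendmail rejects it.
# Helper names are hypothetical; the second argument is the user named by
# the TrustedUser option (assumed to default to root).

# component_is_safe MODE OWNER TRUSTED
# MODE is an ls(1)-style mode string such as drwxr-xr-x, OWNER the owner
# name. Safe means: owned by root or TRUSTED, and neither group- nor
# world-writable (characters 6 and 9 of the mode string). A sticky,
# world-writable directory such as drwxrwxrwt is therefore rejected too.
component_is_safe() {
    mode=$1; owner=$2; trusted=$3
    case "$owner" in
        root|"$trusted") ;;
        *) echo "owner is $owner, not root or $trusted"; return 1 ;;
    esac
    case "$mode" in
        ?????w*|????????w*) echo "group- or world-writable ($mode)"; return 1 ;;
    esac
    return 0
}

# check_one PATH TRUSTED
# Stat one path component via ls -ldL (follows symlinks; field 1 is the
# mode string and field 3 the owner on both GNU and BSD ls).
check_one() {
    p=$1; trusted=$2
    [ -e "$p" ] || { echo "$p: does not exist"; return 1; }
    set -- $(ls -ldL "$p")
    component_is_safe "$1" "$3" "$trusted" || { echo "  in $p"; return 1; }
}

# check_safe_path PATH [TRUSTED]
# Require a full pathname, then check / and every prefix down to PATH.
# Returns 0 if every component is safe, 1 at the first violation.
check_safe_path() {
    path=$1; trusted=${2:-root}
    case "$path" in
        /*) ;;
        *) echo "$path: not a full pathname (must begin with /)"; return 1 ;;
    esac
    check_one / "$trusted" || return 1
    prefix=""
    # Split on / with globbing disabled so "*" in a path is not expanded.
    oldifs=$IFS; IFS=/; set -f; set -- $path; set +f; IFS=$oldifs
    for comp in "$@"; do
        [ -n "$comp" ] || continue
        prefix="$prefix/$comp"
        check_one "$prefix" "$trusted" || return 1
    done
    echo "$path: safe"
}

# Usage: sh check_cacert.sh /etc/mail/certs/CAcert.pem [trusted-user]
if [ $# -gt 0 ]; then
    check_safe_path "$@"
fi
```

If the script reports a violation, the usual remedy is to chown the offending component to root (or the TrustedUser) and clear its group and world write bits; the script prints the first unsafe component and the reason, so rerun it until the path is reported safe.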
