CACertPath

Directory with certificate authority certs (V8.11 and later)

STARTTLS and stream encryption are discussed in detail in STARTTLS on page 202. Among the items you must provide is a directory that contains the certificate of the authority for the server (ServerCertFile on page 1087) and client (ClientCertFile on page 984) as well as other certificates of authority you wish to trust. This directory contains both the certificates of authority and hashes of those certificates (more about this soon). The location of the CA certificate directory is specified with this CACertPath option, with declarations that look like this:

O CACertPath=dir                       ← configuration file (V8.12 and later)
-OCACertPath=dir                       ← command line (V8.12 and later)
define(`confCACERT_PATH',`dir')        ← mc configuration (V8.12 and later)

Here, dir is a full path specification of the directory containing the CA certificate files and their hashes. The dir can contain sendmail macros, and if so, those macros will be expanded (their values used) when the configuration file, or command line, is read:

define(`confCACERT_PATH', `${MyCERTPath}')

The dir must be a full pathname (must begin with a slash), or the directory will be rejected and the following error logged:

STARTTLS=server: file dir unsafe: reason
STARTTLS=client: file dir unsafe: reason

Here, dir is the directory separately specified by the CACertPath option (CACertPath on page 982) and path is the file specified by this option. The num is the error number returned by the ...
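The directory requirements described above (full pathname, CA certificates stored alongside their hashes) can be checked before sendmail is pointed at the directory. The following is an added example, not code from the book or from sendmail. It assumes that CA files end in .pem, that hash entries are symbolic links named with eight hex digits and a numeric suffix (the layout produced by OpenSSL's c_rehash), and that a group- or world-writable directory should be treated as unsafe; check_cacertpath is a hypothetical name.

```shell
#!/bin/sh
# Added example: audit a directory before naming it in CACertPath.
# Assumptions (not from the page): CA files end in .pem, hash entries are
# symlinks named <8 hex digits>.<n>, and a group- or world-writable
# directory counts as unsafe.
check_cacertpath() {
    dir=$1
    problems=0
    h='[0-9a-f]'
    pat="$h$h$h$h$h$h$h$h.[0-9]*"

    # The option requires a full pathname (must begin with a slash).
    case $dir in
        /*) ;;
        *) echo "FAIL: $dir is not a full pathname"; return 1 ;;
    esac
    [ -d "$dir" ] || { echo "FAIL: $dir is not a directory"; return 1; }

    # In the ls mode string, character 6 is group write, character 9 other write.
    perms=$(ls -ld "$dir" | cut -c1-10)
    case $perms in
        ?????w*|????????w*)
            echo "WARN: $dir is group- or world-writable ($perms)"
            problems=$((problems + 1)) ;;
    esac

    # A hash link whose target is gone cannot be loaded.
    for link in "$dir"/$pat; do
        [ -L "$link" ] || continue
        [ -e "$link" ] || { echo "WARN: dangling hash link $link"; problems=$((problems + 1)); }
    done

    # Every CA file needs at least one hash link that points at it.
    for cert in "$dir"/*.pem; do
        [ -f "$cert" ] && [ ! -L "$cert" ] || continue
        found=no
        for link in "$dir"/$pat; do
            [ -L "$link" ] || continue
            [ "$(basename "$(readlink "$link")")" = "$(basename "$cert")" ] && found=yes
        done
        [ "$found" = yes ] || { echo "WARN: no hash link for $cert"; problems=$((problems + 1)); }
    done

    [ "$problems" -eq 0 ]
}

# Run against a directory when one is given on the command line.
[ $# -eq 0 ] || check_cacertpath "$1"
```

The function returns 0 only when no problem was found, so it can gate a configuration rollout.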
