ClientKeyFile
File with the client certificate’s private key (V8.11 and later)
STARTTLS and stream encryption are discussed in detail in STARTTLS on page 202. Among the items you might need to set up is a key file that corresponds to a certificate file. The client key is used by sendmail when it acts in the role of a sender (dispatching outbound email). The key is contained in a file whose location is set with this ClientKeyFile option, using declarations that look like this:
O ClientKeyFile=path ← configuration file (V8.11 and later)
-OClientKeyFile=path ← command line (V8.11 and later)
define(`confCLIENT_KEY',`path') ← mc configuration (V8.11 and later)
Here, path is a full path specification of the file containing the key. The path can contain sendmail macros, and if so, those macros will be expanded (their values used) when the configuration file, or command line, is read:
define(`confCLIENT_KEY', `${MyCERTPath}/ClntKey.pem')
The path must be a full pathname (must begin with a slash) and must also live in a directory that is safe (every component of which is writable only by root or the trusted user specified in the TrustedUser option) and must itself be safe (owned by and writable only by root or the trusted user specified in the TrustedUser option; see TrustedUser on page 1112). If it is not, it will be rejected and the following error logged:
STARTTLS=client: file path unsafe: reason
Note that the file must not be group- or world-readable.
But even if all goes well this far, there ...
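A pre-deployment audit of a key path against the path and permission rules stated above, as an added example that is not from the book and is not sendmail's own checking code. The function names are hypothetical, the optional trusted uid stands in for the TrustedUser setting, and symbolic links are simply followed by os.stat.

```python
import os
import stat

def component_problems(mode, uid, trusted_uids, is_key_file):
    """Apply the rules to one stat result; return a list of reasons."""
    problems = []
    # Directories and the key file: writable only by root or the trusted user.
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append("group- or world-writable")
    if uid not in trusted_uids:
        problems.append("owner uid %d is not root or the trusted user" % uid)
    if is_key_file:
        if not stat.S_ISREG(mode):
            problems.append("not a regular file")
        # The private key must not be readable by group or others.
        if mode & (stat.S_IRGRP | stat.S_IROTH):
            problems.append("group- or world-readable")
    return problems

def audit_key_path(path, trusted_uid=None):
    """Return [(component, reason), ...]; an empty list means no finding."""
    if not path.startswith("/"):
        return [(path, "not a full pathname (must begin with a slash)")]
    trusted = {0} if trusted_uid is None else {0, trusted_uid}
    findings = []
    parts = [p for p in path.split("/") if p]
    current = "/"
    # Walk /, then each directory component, then the key file itself.
    for i in range(len(parts) + 1):
        is_key = (i == len(parts))
        try:
            st = os.stat(current)
        except OSError as e:
            findings.append((current, "cannot stat: %s" % e.strerror))
            break
        for reason in component_problems(st.st_mode, st.st_uid, trusted, is_key):
            findings.append((current, reason))
        if not is_key:
            current = os.path.join(current, parts[i])
    return findings

if __name__ == "__main__":
    import sys
    # Usage: pass the expanded ClientKeyFile path(s) as arguments.
    for key_path in sys.argv[1:]:
        for where, why in audit_key_path(key_path):
            print("%s: %s" % (where, why))
```

Run it against the fully expanded path (macros such as ${MyCERTPath} already substituted); any line of output names a component that fails the rules as the text states them.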