Name

ServerCertFile

Synopsis

STARTTLS and stream encryption are discussed in detail in Section 10.10. Among the items you might need to create, or purchase, to set up stream encryption is a certificate for your server. A server certificate is the certificate used by sendmail when it is acting in the role of a server (receiving inbound email). The server certificate is contained in a file whose location is set with this ServerCertFile option, with declarations that look like this:

O ServerCertFile=path                 configuration file (V8.11 and later)
-OServerCertFile=path                 command line (V8.11 and later)
define(`confSERVER_CERT',`path')      mc configuration (V8.11 and later)

Here, path is a full path specification of the file containing the certificate. The path might contain sendmail macros, and if so, those macros will be expanded (their values used) when the configuration file, or command line, is read:

define(`confSERVER_CERT', `${MyCERTPath}/SrvrCert.pem')

The path must be a full pathname (must begin with a slash), or the file will be rejected and the following error logged:

STARTTLS: ServerCertFile missing

The path must also live in a directory that is safe (every component of which is writable only by root or the trusted user specified in the TrustedUser option) and must itself be safe (owned by and writable only by root or the trusted user specified in the TrustedUser option). If it is not, it will be rejected and the following error logged:

STARTTLS=server: file path unsafe: reason
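
The two rules above (full pathname; safe file in safe directories) can be checked before sendmail is restarted. The following is an added example, not code from the book or from sendmail's source. The name check_cert_path is hypothetical, trusted_uids is assumed to hold root's uid plus the uid of your TrustedUser, and the check is deliberately strict: any group or world write bit is reported.

```python
import os
import stat

def _unsafe(p, st, trusted_uids):
    """Findings for one file or directory: wrong owner or extra write bits."""
    out = []
    if st.st_uid not in trusted_uids:
        out.append((p, f"owned by uid {st.st_uid}"))
    if st.st_mode & stat.S_IWGRP:
        out.append((p, "group-writable"))
    if st.st_mode & stat.S_IWOTH:
        out.append((p, "world-writable"))
    return out

def check_cert_path(path, trusted_uids=(0,)):
    """Return a list of (path, reason) findings for a ServerCertFile value.

    An empty list means the path passed the checks described in the text.
    Assumption: trusted_uids = root plus the TrustedUser's uid.
    """
    if not path.startswith("/"):
        # The case sendmail logs as "STARTTLS: ServerCertFile missing"
        return [(path, "not a full pathname (must begin with a slash)")]
    try:
        st = os.stat(path)
    except OSError as exc:
        return [(path, f"cannot stat: {exc.strerror}")]
    findings = []
    if not stat.S_ISREG(st.st_mode):
        findings.append((path, "not a regular file"))
    findings.extend(_unsafe(path, st, trusted_uids))
    # Every directory component, from the file's directory up to /
    d = os.path.dirname(path)
    while True:
        findings.extend(_unsafe(d, os.stat(d), trusted_uids))
        if d == "/":
            break
        d = os.path.dirname(d)
    return findings

if __name__ == "__main__":
    import sys
    for where, why in check_cert_path(sys.argv[1]):
        print(f"unsafe: {where}: {why}")
```

Run it as root against the value you gave confSERVER_CERT, after any macros in the path have been expanded by hand.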

Even ...
