ServerCertFile
File containing the server’s certificate V8.11 and later
STARTTLS and stream encryption are discussed in detail
in STARTTLS on page 202. Among
the items you might need to create, or purchase, to
set up stream encryption is a certificate for your
server. A server certificate is the certificate used
by sendmail when it is acting
in the role of a server (receiving inbound email).
The server certificate is contained in a file whose
location is set with this ServerCertFile option, with
declarations that look like this:
O ServerCertFile=path ← configuration file (V8.11 and later) -OServerCertFile=path ← command line (V8.11 and later) define(`confSERVER_CERT',`path') ← mc configuration (V8.11 and later
Here, path is a full path
specification of the file containing the
certificate. The path
might contain sendmail macros,
and if so, those macros will be expanded (their
values used) when the configuration file, or command
line, is read:
define(`confSERVER_CERT', `${MyCERTPath}/SrvrCert.pem')The path must be a full
pathname (must begin with a slash), or the file will
be rejected and the following error logged:
STARTTLS: ServerCertFile missing
The path must also live in
a directory that is safe (every component of which
is writable only by root or the
trusted user specified in the TrustedUser option) and
must itself be safe (owned by and writable only by
root or the trusted user
specified in the TrustedUser option). If it is not, it will be rejected and the following error logged: ...
Get sendmail, 4th Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
