Linux - Security
This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Distribution: Slack 8.1, Gentoo 1.3a, Red Hat 7.3, Red Hat 7.2, Mandrake 8.2
Posts: 328
Original Poster
Quote:
Originally posted by markstevens
well let's see.
My big question here is .... which Certificate is it talking about? The server certificate or the CA?
It's referring to the certificate that is provided to the client, which is in fact the certificate that would be held by the third-party CA for distribution.
well it is the end of the day for me... I will perhaps give this one more shot tomorrow.
I guess after everything I have read I still do not understand what is trying to happen here. This after 7 different how to's and several different read me files.
So what you are saying is that the CA is what is not matching?
OK... let me throw this out there.
I created a Certificate of Authority. Then I created a certificate/key (.pem) to be used with sendmail... I then created a certificate from that which was signed by my CA.
So I have: CAcert.pem, mycert.pem and mykey.pem
Sendmail is configured to look for the CA as CAcert.pem, the server and client Certificate as mycert.pem and the server and client key as mykey.pem.
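A quick way to check the three-file setup described above: does mycert.pem verify against CAcert.pem, and does mykey.pem belong to mycert.pem? This is an added example, not part of the thread or of any how-to it mentions; the throwaway CA, the host name mail.example.test, otherkey.pem and the function names are constructed for the demo.

```shell
#!/bin/sh
# check_tls_files CA CERT KEY: 0 if CERT chains to CA and KEY belongs to CERT.
# An encrypted (-des3) key makes openssl ask for its passphrase here.
check_tls_files() {
    ca=$1 cert=$2 key=$3
    # 1. Does the certificate verify against the CA certificate?
    openssl verify -CAfile "$ca" "$cert" 2>/dev/null | grep -q ': OK$' ||
        { echo "chain: FAIL"; return 1; }
    # 2. Is the private key the one whose public half is in the certificate?
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$key" -pubout) || return 2
    [ "$cert_pub" = "$key_pub" ] || { echo "key: MISMATCH"; return 3; }
    echo "OK"
}

# Constructed throwaway CA, server certificate and an unrelated key in dir $1.
make_demo_files() {
    d=$1
    cat > "$d/req.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Constructed Demo CA
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
    openssl genrsa -out "$d/CAkey.pem" 2048 2>/dev/null &&
    openssl req -new -x509 -config "$d/req.cnf" -key "$d/CAkey.pem" \
        -days 1 -out "$d/CAcert.pem" &&
    openssl genrsa -out "$d/mykey.pem" 2048 2>/dev/null &&
    openssl req -new -config "$d/req.cnf" -subj "/CN=mail.example.test" \
        -key "$d/mykey.pem" -out "$d/my.csr" &&
    openssl x509 -req -in "$d/my.csr" -CA "$d/CAcert.pem" -CAkey "$d/CAkey.pem" \
        -CAcreateserial -days 1 -out "$d/mycert.pem" 2>/dev/null &&
    openssl genrsa -out "$d/otherkey.pem" 2048 2>/dev/null
}

tmp=$(mktemp -d)
make_demo_files "$tmp"
check_tls_files "$tmp/CAcert.pem" "$tmp/mycert.pem" "$tmp/mykey.pem"
check_tls_files "$tmp/CAcert.pem" "$tmp/mycert.pem" "$tmp/otherkey.pem" || echo "(exit $?)"
rm -rf "$tmp"
```

Run check_tls_files against the real CAcert.pem, mycert.pem and mykey.pem to see which of the two checks fails before touching the sendmail configuration.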
I never install anything through RPM so I can't help you with the compile options. Most apps leave a log file so that you can re-configure quickly.
Good luck.
BTW - our company dropped sendmail some time ago for security reasons. Our qmail system has passed all security audits...not suggesting you change course at this point, just a response to your comment about security and the net.
No MS servers are allowed in our building, aside from our testing labs as our apps are platform independent - those don't have internet access...
Well the good news and the bad... The bad news first... I was just informed that the president of the company has, against my continued objection, dictated that the company will use full version outlook and exchange mail server so that he can have the calendar feature and so that he can pay some company to send out spam on our behalf to past, current, and future clients...
What a wonderful world we live in...
The good news... I am going to keep going on this until I get it to work. I have actually thought about switching to qmail but now that we are going the WRONG way with e-mail I will pass.
Why do people who have no comprehension of systems etc. end up having the final say on technical issues?????
$$$
The only reason we were relieved of our M$ burden was the cost associated with nimda and a few other nasties. We happen to have a lot of in-house systems expertise, so the fear of deploying opensource was much less.
I think you lose some of the collaboration/workflow capabilities (shared calendars, etc) if you only use sendmail, without exchange on the backend, but I could be wrong.
My final statement to the president was... "This company will not survive a Nimda attack. We will go under should we become the victims of such an attack."
You are correct about the collaboration which is 40% of the reason he wants it.
His reason
40% collaboration
25% my friends all use it
35% Every other company in the world is using it.
Hmmm so he has talked to every other company in the world? yeah right...
Anyway... so far no luck... I am having trouble identifying what my mail client must think is the name of the destination domain... so I am trying a lot of variations... too much typing...
ok some of the how tos have 4 lines that are supposed to be added... here is the snippet...
--------------------------------------------------------------------------------
Add the following lines (modifying the paths as appropriate). If your OpenSSL install is someplace searched by your compiler by default, then the confINCDIRS and confLIBDIRS lines are not necessary.
==============================================
1. Creating RSA Private Key using random bit pattern (-des3 adds a tripled des encrypted password of your choice to protect private key).
I'm running slack 8.1 and trying with no luck to get ssl working.
I entered this command and it just hung there. How long does it take to generate the key? I'm on a 1.7 GHz machine with plenty of RAM. Should it only take a few seconds, or should I wait like 15 minutes?
Distribution: Slack 8.1, Gentoo 1.3a, Red Hat 7.3, Red Hat 7.2, Mandrake 8.2
Posts: 328
Original Poster
That looks like you don't have a functioning urandom "device". Try pointing the path to a kernel image file; that should suffice in providing a random bit pattern.
Simple how-to.. but really nice.. although I am registered here before.. but I found this link from a Google search.. hehe.
I liked it.. simple and useful..
But one thing I want to know.. your encryption is 512 bit strong.. and I am sure there are better.. I can't remember the number.. do you know other bits? And how to do them? And where to use them?