LinuxQuestions.org
Old 07-30-2003, 04:35 PM   #31
dai
Member
 
Registered: May 2002
Location: Wales
Distribution: Slack 8.1, Gentoo 1.3a, Red Hat 7.3, Red Hat 7.2, Manrake 8.2
Posts: 328

Original Poster
Rep: Reputation: 30

Quote:
Originally posted by markstevens
well let's see.


My big question here is .... which Certificate is it talking about? The server certificate or the CA?

It's referring to the certificate that is provided to the client which is in fact the Certificate that would be held by the third party CA for distribution.
 
Old 07-30-2003, 04:42 PM   #32
markstevens
Member
 
Registered: Jun 2003
Posts: 86

Rep: Reputation: 15
well it is the end of the day for me... I will perhaps give this one more shot tomorrow.

I guess after everything I have read I still do not understand what is trying to happen here. This after 7 different how to's and several different read me files.

So what you are saying is that the CA is what is not matching?

OK... let me throw this out there.

I created a Certificate of Authority. Then I created a certificate/key (.pem) to be used with sendmail... I then created a certificate from that which was signed by my CA.

So I have: CAcert.pem mycert.pem and mykey.pem

Sendmail is configured to look for the CA as CAcert.pem, the server and client Certificate as mycert.pem and the server and client key as mykey.pem.

Does any of that help?
 
Old 07-30-2003, 04:44 PM   #33
dai
Member
 
Registered: May 2002
Location: Wales
Distribution: Slack 8.1, Gentoo 1.3a, Red Hat 7.3, Red Hat 7.2, Manrake 8.2
Posts: 328

Original Poster
Rep: Reputation: 30
mycertificate.pem's CN is not matching DNS of server
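
Added example, not part of any post in this thread: a shell sketch of the three checks the exchange above turns on, namely that the server certificate chains to the CA, that the key belongs to the certificate, and that the certificate's CN equals the server's DNS name. The file names follow post #32; `mail.example.com`, the subject fields and the function names are constructed for illustration. Current TLS clients compare the host name against subjectAltName; the CN check here mirrors what the thread discusses.

```shell
#!/bin/sh
# make_pki DIR HOST: throwaway CA plus a server cert whose CN is HOST.
make_pki() {
    dir=$1; host=$2
    # Self-signed CA certificate and key (constructed subject)
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/O=Example/CN=Example Test CA" \
        -keyout "$dir/CAkey.pem" -out "$dir/CAcert.pem" 2>/dev/null || return 1
    # Server key and signing request; the CN must be the name clients connect to
    openssl req -newkey rsa:2048 -nodes -subj "/O=Example/CN=$host" \
        -keyout "$dir/mykey.pem" -out "$dir/myreq.pem" 2>/dev/null || return 1
    # The CA signs the request, producing mycert.pem
    openssl x509 -req -in "$dir/myreq.pem" -days 30 \
        -CA "$dir/CAcert.pem" -CAkey "$dir/CAkey.pem" -CAcreateserial \
        -out "$dir/mycert.pem" 2>/dev/null || return 1
}

# cert_cn FILE: print the commonName from the certificate subject.
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p'
}

# check_cert CA CERT KEY HOST: print "ok" or the first check that fails.
check_cert() {
    ca=$1; cert=$2; key=$3; host=$4
    # 1. Does the certificate chain to the CA file?
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 ||
        { echo "chain-fail"; return 1; }
    # 2. Does the private key match the public key in the certificate?
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null | openssl sha256)
    [ "$cert_pub" = "$key_pub" ] || { echo "key-mismatch"; return 1; }
    # 3. Does the CN equal the DNS name of the server?
    [ "$(cert_cn "$cert")" = "$host" ] || { echo "cn-mismatch"; return 1; }
    echo "ok"
}

# Demo on constructed data in a temporary directory.
tmp=$(mktemp -d)
make_pki "$tmp" mail.example.com
check_cert "$tmp/CAcert.pem" "$tmp/mycert.pem" "$tmp/mykey.pem" mail.example.com
check_cert "$tmp/CAcert.pem" "$tmp/mycert.pem" "$tmp/mykey.pem" localhost
rm -rf "$tmp"
```
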
 
Old 07-30-2003, 05:25 PM   #34
cyberskye
Member
 
Registered: Feb 2003
Location: The City by the Bay
Posts: 116

Rep: Reputation: 15
I never install anything through RPM so I can't help you with the compile options. Most apps leave a log file so that you can re-configure quickly.

Good luck.

BTW - our company dropped sendmail some time ago for security reasons. Our qmail system has passed all security audits...not suggesting you change course at this point, just a response to your comment about security and the net.

No MS servers are allowed in our building, aside from our testing labs as our apps are platform independent - those don't have internet access...
 
Old 07-31-2003, 08:44 AM   #35
markstevens
Member
 
Registered: Jun 2003
Posts: 86

Rep: Reputation: 15
Well the good news and the bad... The bad news first... I was just informed that the president of the company has, against my continued objection, dictated that the company will use full version outlook and exchange mail server so that he can have the calendar feature and so that he can pay some company to send out spam on our behalf to past, current, and future clients...

What a wonderful world we live in...

The good news... I am going to keep going on this until I get it to work. I have actually thought about switching to qmail but now that we are going the WRONG way with e-mail I will pass.

Oh well day 5 of STARTTLS...
 
Old 07-31-2003, 10:39 AM   #36
dai
Member
 
Registered: May 2002
Location: Wales
Distribution: Slack 8.1, Gentoo 1.3a, Red Hat 7.3, Red Hat 7.2, Manrake 8.2
Posts: 328

Original Poster
Rep: Reputation: 30
Why do people who have no comprehension of systems etc. end up having the final say on technical issues?????

He could quite easily still use Outlook with a Sendmail server.

That's a tough break. I know I wouldn't be too happy. But hope you get the TLS stuff sorted.

Dai
 
Old 07-31-2003, 10:55 AM   #37
cyberskye
Member
 
Registered: Feb 2003
Location: The City by the Bay
Posts: 116

Rep: Reputation: 15
Quote:
Why do people who have no comprehension of systems etc. end up having the final say on technical issues?????
$$$

The only reason we were relieved of our M$ burden was the cost associated with nimda and a few other nasties. We happen to have a lot of in-house systems expertise, so the fear of deploying opensource was much less.

I think you lose some of the collaboration/workflow capabilities (shared calendars, etc) if you only use sendmail, without exchange on the backend, but I could be wrong.
 
Old 07-31-2003, 11:00 AM   #38
markstevens
Member
 
Registered: Jun 2003
Posts: 86

Rep: Reputation: 15
Quote:
Originally posted by cyberskye
$$$

The only reason we were relieved of our M$ burden was the cost associated with nimda and a few other nasties. We happen to have a lot of in-house systems expertise, so the fear of deploying opensource was much less.

I think you lose some of the collaboration/workflow capabilities (shared calendars, etc) if you only use sendmail, without exchange on the backend, but I could be wrong.
My final statement to the president was... "This company will not survive a Nimda attack. We will go under should we become the victims of such an attack."

You are correct about the collaboration which is 40% of the reason he wants it.

His reason
40% collaboration
25% my friends all use it
35% Every other company in the world is using it.

Hmmm so he has talked to every other company in the world? yeah right...

Anyway... so far no luck... I am having trouble identifying what my mail client must think is the name of the destination domain... so I am trying a lot of variations... too much typing...
 
Old 07-31-2003, 11:24 AM   #39
markstevens
Member
 
Registered: Jun 2003
Posts: 86

Rep: Reputation: 15
ok some of the how tos have 4 lines that are supposed to be added... here is the snippet...

--------------------------------------------------------------------------------
Add the following lines (modifying the paths as appropriate). If your OpenSSL install is someplace searched by your compiler by default, then the confINCDIRS and confLIBDIRS lines are not necessary.

dnl Stuff for TLS
APPENDDEF(`confINCDIRS', `-I/usr/local/include')
APPENDDEF(`confLIBDIRS', `-L/usr/local/lib')
APPENDDEF(`conf_sendmail_ENVDEF', `-DSTARTTLS')
APPENDDEF(`conf_sendmail_LIBS', `-lssl -lcrypto')

--------------------------------------------------------------------------------

Ok so I don't know if my OpenSSL is installed in someplace searched by my compiler by default.

But the question I have is... Do these four lines go in the sendmail.mc file or the openssl.cnf file?

Thanks..

I did notice that I do not have a .randnum file where openssl.cnf is looking for it...
 
Old 01-02-2004, 09:42 AM   #40
Cenobyte
LQ Newbie
 
Registered: Jan 2004
Posts: 3

Rep: Reputation: 0
Re: Quick OpenSSL how to

==============================================
1. Creating RSA Private Key using random bit pattern (-des3 adds a tripled des encrypted password of your choice to protect private key).

# openssl genrsa -des3 -rand /dev/urandom -out private.key

I'm running slack 8.1 and trying with no luck to get ssl working.
I entered this command and it just hung there. How long does it take to generate the key? I'm on a 1.7 GHz machine with plenty of RAM. Should it only take a few seconds, or should I wait like 15 minutes?
 
Old 01-02-2004, 03:43 PM   #41
dai
Member
 
Registered: May 2002
Location: Wales
Distribution: Slack 8.1, Gentoo 1.3a, Red Hat 7.3, Red Hat 7.2, Manrake 8.2
Posts: 328

Original Poster
Rep: Reputation: 30
That looks like you don't have a functioning urandom "device". Try pointing the path to a kernel image file; that should suffice in providing a random bit pattern.

Hope that helps
 
Old 02-10-2005, 10:21 AM   #42
eech55
LQ Newbie
 
Registered: Aug 2004
Posts: 23

Rep: Reputation: 15
Simple how-to.. but really nice .. although I am registered here before.. but I found this link from a Google search .. hehe.

I liked it.. simple and useful..

But one thing I want to know.. your encryption is 512 bit strong.. and I am sure there are better.. I can't remember the number.. do you know other bits? And how to do them? And where to use them?


thanks in advance
 
Old 12-23-2005, 01:31 PM   #43
Manjunath
LQ Newbie
 
Registered: Dec 2005
Posts: 1

Rep: Reputation: 0
Please help me to configure telnet in Red Hat Linux 9.

regards
Manju
 
  

