03-26-2008, 01:56 AM   #1
fatra2
sendmail and Certificate Authority


Hello,

I am running a server from home. I have an Apache web server, an e-mail server, a DHCP server, and so on. Everything seems to work fine, and I can only thank Linux OS for that ease and stability.

I would like to connect and transact using SSL. Therefore, I got myself a certificate from a CA. Everything works well with the Apache web server. I used the same certificate for dovecot-IMAP without too many problems.

The head breaker comes with sendmail. I cannot find out where to include or tell the sendmail server to look for my certificate. I looked around the web, and I tried changing the CERT "section" in the sendmail.mc file. When I restart my e-mail client, I keep on getting that my certificate is for the localhost.localdomain.

Then, of course, when I try to send e-mail, some servers will reject my message due to the fact that my certificate and my address are not the same.

Does anyone know where and what I can change to make the certificate to my name and no longer to localhost.localdomain?

Thanks

Cheers
 
03-26-2008, 04:06 AM   #2
datopdog
You need to set these options in your mc and create a new cf
Code:
define(`confCACERT_PATH',`/path_to_certs_location')
define(`confCACERT',`')
define(`confSERVER_CERT',`')
define(`confSERVER_KEY',`')
 
03-26-2008, 05:55 AM   #3
fatra2
Original Poster
Hi there,

I included these commands in what I called the "Cert section". I thought that these commands were telling sendmail where to look for my certificate. So I retried the whole procedure to make sure.

When I restart my mail client, I get the same error message, that my certificate is being held by "localhost.localdomain".

I don't know where or what to look for anymore.
 
03-26-2008, 06:05 AM   #4
billymayday
Something like this may help. There are lots of howtos on creating certificates around.

http://www.openssl.org/docs/HOWTO/certificates.txt

Edit - note you will need to use the correct FQDN to avoid the type of message you are getting

Last edited by billymayday; 03-26-2008 at 06:08 AM.
 
03-26-2008, 06:12 AM   #5
fatra2
Original Poster
Hi there,

But I have certificates. It seems to work perfectly with my Apache web server, and with my dovecot-imap server. I just don't understand why sendmail does not recognize the certificate. It keeps on telling me that the certificate for "localhost.localdomain" is not appropriate, which I know. That is why I created a certificate from a CA.

My question still stands. Where can I look into my sendmail server, to tell it to not take the localhost certificate but the one I created?

Cheers
 
03-26-2008, 06:40 AM   #6
datopdog
If you have the correct values there then it should pick up the correct certificate.
 
03-26-2008, 08:29 AM   #7
fatra2
Original Poster
Hi there,

I thank everyone that helped me with this problem. I guess I made a fool of myself. The certificate is there, and sendmail picks it up.

Something else gave the message "Unable to verify localhost.localdomain certificate". I apologize to everyone, because the problem came from my /etc/hosts file. For one reason or another, the line "127.0.0.1 localhost.localdomain localhost" disappeared. As soon as I put this line back, the message did not show anymore.

In the future, I will try to look at all the possible details.

Anyways, thank you again for your answers. It still brought me a lot of understanding about sendmail.

Cheers
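

Added example, not part of any post in this thread: a shell sketch of the two checks the thread ended up needing, that the four TLS defines from post #2 hold real paths in the .mc file and that the hosts file still carries the loopback line from post #7. The function names and the two file arguments are assumptions chosen for illustration.

```bash
#!/bin/sh
# Added example (not from the thread): offline checks for a sendmail TLS setup.
# Function names are illustrative; both file paths are supplied by the caller.

# Print the value of one m4 define (e.g. confSERVER_CERT) from a .mc file.
# Lines starting with "dnl" are m4 comments and are skipped; last define wins.
mc_value() {
    grep -v '^[[:space:]]*dnl' "$1" |
        sed -n "s/^[[:space:]]*define(\`$2',[[:space:]]*\`\([^']*\)').*/\1/p" |
        tail -n 1
}

# Report each TLS define that is missing, empty, or names a path that does
# not exist. Returns 0 only when all four are usable.
check_tls_defines() (
    bad=0
    for name in confCACERT_PATH confCACERT confSERVER_CERT confSERVER_KEY; do
        value=$(mc_value "$1" "$name")
        if [ -z "$value" ]; then
            echo "$name: missing or empty in $1"; bad=1
        elif [ ! -e "$value" ]; then
            echo "$name: $value does not exist"; bad=1
        fi
    done
    [ "$bad" -eq 0 ]
)

# Succeed if 127.0.0.1 maps to both localhost and localhost.localdomain,
# the /etc/hosts line whose loss produced the error in this thread.
check_loopback_entry() {
    awk '$1 == "127.0.0.1" {
             for (i = 2; i <= NF; i++) { if ($i ~ /^#/) break; seen[$i] = 1 }
         }
         END { exit !(("localhost" in seen) && ("localhost.localdomain" in seen)) }' "$1"
}

# Usage: sh check.sh <sendmail.mc> <hosts file>
if [ "$#" -eq 2 ]; then
    check_tls_defines "$1" || echo "fix the defines, then rebuild sendmail.cf"
    check_loopback_entry "$2" || echo "$2: no 127.0.0.1 localhost.localdomain localhost line"
fi
```

To see which certificate a running server actually presents, `openssl s_client -connect <host>:25 -starttls smtp` prints it; `<host>` is a placeholder for your own mail server.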
 
03-27-2008, 09:07 AM   #8
sundialsvcs
Red-herring recipes

It happens to us all. Don't worry about a red-herring... just break out the capers and maybe a nice light wine and have dinner.
 
03-27-2008, 09:18 AM   #9
DotHQ
Dang, just when I was going to ask you about your hosts file.

No need to apologize. Thank you for coming back and posting the resolution to your problem. That helps: when someone else has a similar issue, they'll now know to check their /etc/hosts file.
It's all good!!!
 
  


All times are GMT -5.