Lo all,
I'm getting an error while trying to connect to my sendmail server. The server works for both internal mail, and receiving/sending mail.
The problem lies with the certificates for SSL/STARTTLS. I have followed the mini tutorial on the sendmail site on how to generate the key pair (done it once already without problems for SSL in Apache).
www.sendmail.org/~ca/email/other/cagreg.html
Then I did..
Quote:
Edit newreq.pem and remove the unsigned certificate (leaving the private key). Copy the resulting newreq.pem to /etc/mail/certs/key.pem and copy newcert.pem to /etc/mail/certs/cert.pem. Set the permissions on key.pem to 400.
Then restarted sendmail.
Opening up a port & then telnetting in gives me:
Code:
Trying MYIP...
Connected to my.host.co.uk.
Escape character is '^]'.
220 my.host.co.uk ESMTP Sendmail 8.12.11/8.12.11; Mon, 6 Dec 2004 12:44:45 GMT
ehlo localhost
250-my.host.co.uk Hello my.host.co.uk [MYIP], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH DIGEST-MD5 CRAM-MD5
250-STARTTLS
250-DELIVERBY
250 HELP
quit
221 2.0.0 my.host.co.uk closing connection
Connection closed by foreign host.
Now trying to retrieve mail gives this error in a win based prog called incredimail "A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider". If I accept the certificate, then it will retrieve mail. It does this every time.. claims the certificates aren't valid or somesuch.
In my M4 config file, I even specified absolute paths to the keys:
Code:
define(`CERT_DIR',`/etc/mail/certs')
define(`confCACERT_PATH',`CERT_DIR')
define(`confCACERT',`/etc/mail/certs/cacert.pem')
define(`confSERVER_CERT',`/etc/mail/certs/cert.pem')
define(`confSERVER_KEY',`/etc/mail/certs/key.pem')
define(`confCLIENT_CERT',`/etc/mail/certs/cert.pem')
define(`confCLIENT_KEY',`/etc/mail/certs/key.pem')
Does anyone have any ideas as to how to resolve my sendmail headache?
Thanks
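
Added example, not part of the original post: a shell check of the three files the m4 config above names (cacert.pem, cert.pem, key.pem). It assumes the openssl command-line tool is installed, and the function names are made up for illustration. A certificate issued by a private CA verifies only for clients that hold that CA's certificate in their trust store, which the last check reports.

```shell
#!/bin/sh
# Added example: checks for the files named in the post's m4 config.
# Function names are illustrative; requires the openssl CLI.

# The quoted step sets key.pem to mode 400 (owner read-only).
key_mode_ok() (
    [ -n "$(find "$1" -prune -perm 400 2>/dev/null)" ]
)

# The private key and the certificate must carry the same public key.
key_matches_cert() (
    k=$(openssl pkey -in "$1" -passin pass: -pubout 2>/dev/null) || exit 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || exit 1
    [ -n "$k" ] && [ "$k" = "$c" ]
)

# cert.pem must chain to the CA file that confCACERT points at.
chain_verifies() (
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
)

# Subject equals issuer: a self-issued (private) root.
ca_is_self_issued() (
    s=$(openssl x509 -in "$1" -noout -subject_hash 2>/dev/null) || exit 1
    i=$(openssl x509 -in "$1" -noout -issuer_hash 2>/dev/null) || exit 1
    [ -n "$s" ] && [ "$s" = "$i" ]
)

# Run every check on a certs directory; exit status is the failure count.
check_certs_dir() (
    d=$1; fails=0
    key_mode_ok "$d/key.pem" ||
        { echo "FAIL key.pem mode is not 400"; fails=$((fails + 1)); }
    key_matches_cert "$d/key.pem" "$d/cert.pem" ||
        { echo "FAIL key.pem does not match cert.pem"; fails=$((fails + 1)); }
    chain_verifies "$d/cacert.pem" "$d/cert.pem" ||
        { echo "FAIL cert.pem does not verify against cacert.pem"; fails=$((fails + 1)); }
    if ca_is_self_issued "$d/cacert.pem"; then
        echo "NOTE cacert.pem is a private root; clients must import it to trust cert.pem"
    fi
    exit "$fails"
)

# Usage: sh check_certs.sh /etc/mail/certs
[ "$#" -eq 0 ] || check_certs_dir "$1"
```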