Distribution: Slack 8.1, Gentoo 1.3a, Red Hat 7.3, Red Hat 7.2, Mandrake 8.2
Posts: 328
Rep:
Quick OpenSSL how to
Okay, I've seen several people posting here about problems with OpenSSL, so I just thought I'd post a quick 3-step process that can be followed through by all when they're creating a self-signed certificate:
==============================================
1. Creating RSA Private Key using random bit pattern (-des3 adds a triple-DES encrypted password of your choice to protect the private key).
Country Name (2 letter code) [AU]: GB
State or Province Name (full name) [Some-State]: wherever
Locality Name (eg, city) []:Sesame street
Organization Name (eg, company) [Internet Widgits Pty Ltd]: company name
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []: whatever.com (Must match the DNS name of Web server to avoid problems)
Email Address []: somebody@somewhere.com
3. Creating a self-signed x509 Certificate based on Private Key and CSR
#openssl x509 -req -days 1095 -in public.csr -signkey private.key -out public.cert
==============================================
I know this is a relatively quick explanation but it should help anyone who wants to use OpenSSL to create an RSA based public/private Key pair.
Please let me know if there are any errors, or if it's of assistance to you.
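Added example, not part of the original post: the three steps above run non-interactively, followed by the checks worth doing before installing the result (the certificate really belongs to the key, and its Common Name is the intended host name). The `genrsa` and `req` invocations, the 2048-bit key size, the passphrase and the scratch directory are assumptions, since the post as reproduced here shows only the step 3 command; `-aes256` is used in place of the post's `-des3`.

```shell
#!/bin/sh
# Added example. File names follow the post; passphrase, key size and
# subject values are constructed placeholders.

# Steps 1-3: encrypted RSA key, CSR, self-signed certificate valid 1095 days.
make_selfsigned() {
    dir=$1; cn=$2; pass=$3
    # 1. Private key, passphrase-protected (-aes256 here instead of -des3).
    openssl genrsa -aes256 -passout "pass:$pass" \
        -out "$dir/private.key" 2048 2>/dev/null || return 1
    chmod 600 "$dir/private.key"
    # 2. CSR; -subj supplies the answers to the interactive prompts.
    #    CN must match the DNS name clients use to reach the server.
    openssl req -new -key "$dir/private.key" -passin "pass:$pass" \
        -subj "/C=GB/ST=wherever/L=Sesame street/O=company name/CN=$cn" \
        -out "$dir/public.csr" || return 1
    # 3. Self-sign the CSR with the same key.
    openssl x509 -req -days 1095 -in "$dir/public.csr" \
        -signkey "$dir/private.key" -passin "pass:$pass" \
        -out "$dir/public.cert" 2>/dev/null || return 1
}

# Succeeds only if the certificate's public modulus equals the key's.
key_matches_cert() {
    dir=$1; pass=$2
    k=$(openssl rsa -in "$dir/private.key" -passin "pass:$pass" \
        -noout -modulus 2>/dev/null) || return 1
    c=$(openssl x509 -in "$dir/public.cert" -noout -modulus 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Prints the certificate's Common Name.
cert_cn() {
    openssl x509 -in "$1/public.cert" -noout -subject -nameopt RFC2253 |
        sed -n 's/^subject= *CN=\([^,]*\).*/\1/p'
}

d=$(mktemp -d)
make_selfsigned "$d" whatever.com 'constructed-passphrase' &&
    key_matches_cert "$d" 'constructed-passphrase' &&
    echo "key matches certificate, CN=$(cert_cn "$d")"
rm -rf "$d"
```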
And when I check my mail with Eudora 5.1 I get
Server does not support SSL.
Where do I start to fix this? I am going to look at the logs now to see if I notice anything since that is what everyone says to do... but I am not sure what I am looking for.
Distribution: Slack 8.1, Gentoo 1.3a, Red Hat 7.3, Red Hat 7.2, Mandrake 8.2
Posts: 328
Original Poster
Rep:
Firstly, as you're using the certificates I am assuming that the process outlined worked for you????
With regards to the SSL not supported problem, I'm not sure really what to say as I've not tried to use SSL with a mail server. As you said, the best thing to do is check the logs etc...
It seems from the error you're providing that the certificate and Private Key are working fine but there's a problem with the setup of the Sendmail server. I'm just guessing here so bear with me (never really worked with Sendmail yet). Is it possible that you need to carry out further configuration to support SSL??????
For example, with Apache 1.3 you need mod_ssl to communicate with OpenSSL. Is it possible that you need something similar for Sendmail???? Also I don't think you need to specify a server certificate, only a client certificate. Also only the server needs to know where the private key is, not the client.
Again, sorry I can't be any more help but I've not really worked with Sendmail.
Distribution: Slack 8.1, Gentoo 1.3a, Red Hat 7.3, Red Hat 7.2, Mandrake 8.2
Posts: 328
Original Poster
Rep:
No problem. If it still doesn't work just post back; perhaps I can help by offering a different perspective, or perhaps some other kind person who knows more about Sendmail than me could help.
How can I tell if my version of sendmail is compiled with SSL support? I am using the out-of-the-box Red Hat 9 Professional build of sendmail, only making changes to the sendmail.mc file.
For some reason I am still getting the error. It is driving me nuts.
I have tried time and again creating new certs and keys over and over again. Nothing seems to work...
Distribution: Slack 8.1, Gentoo 1.3a, Red Hat 7.3, Red Hat 7.2, Mandrake 8.2
Posts: 328
Original Poster
Rep:
It just means that, from the directory that is specified as the default location of the certificate, e.g. /ssl/key, ./CA/keyname.Pem is not found, or the full path /ssl/key/CA/keyname.key isn't found.
Possibly got the wrong path of where the key is stored.
dir = ./CA # Where everything is kept
certs = $dir/certs # Where the issued certs are kept
crl_dir = $dir/crl # Where the issued crl are kept
database = $dir/index.txt # database index file.
new_certs_dir = $dir/newcerts # default place for new certs.
certificate = $dir/cacert.pem # The CA certificate
serial = $dir/serial # The current serial number
crl = $dir/crl.pem # The current CRL
private_key = $dir/private/cakey.pem# The private key
RANDFILE = $dir/private/.rand # private random number file
x509_extensions = usr_cert # The extentions to add to the cert