LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 03-26-2008, 02:56 AM   #1
fatra2
Member
 
Registered: Feb 2004
Location: Switzerland
Distribution: Fedora - RedHat - Mandrake - OpenSuse
Posts: 216

Rep: Reputation: 35
sendmail and Certificate Authority


Hello,

I am running a server from home. I have a apache webserver, an e-mail server, a dhcp server, and so on. Everything seems to work fine, and I can only thank Linux OS for that ease and stability.

I would like for to connect and transact using ssl. Therefore, I got myself a certificate from a CA. Everything works well with the apache web server. I used the same certificate for dovecot-IMAP without to many problem.

The head breaker comes with sendmail. I cannot find out where to include or tell the sendmail server to look for my certificate. I look around the web, I tried changing the CERT "section" in sendmail.mc file. When I restart my e-mail client, I keep on getting that my certificate is for the localhost.localdomain.

Then, of course, when I try to send e-mail, some servers will reject my message due to the fact that my certificate and my address are not the same.

Anyone knows where and what I can change to make the certificate to my name and no more to locahost.localdomain.

Thanks

Cheers
 
Old 03-26-2008, 05:06 AM   #2
datopdog
Member
 
Registered: Feb 2008
Location: JHB South Africa
Distribution: Centos, Kubuntu, Cross LFS, OpenSolaris
Posts: 806

Rep: Reputation: 41
You need to set these options in your mc and create a new cf
Code:
define(`confCACERT_PATH',`/path_to_certs_location')
define(`confCACERT',`')
define(`confSERVER_CERT',`')
define(`confSERVER_KEY',`')
 
Old 03-26-2008, 06:55 AM   #3
fatra2
Member
 
Registered: Feb 2004
Location: Switzerland
Distribution: Fedora - RedHat - Mandrake - OpenSuse
Posts: 216

Original Poster
Rep: Reputation: 35
Hi there,

I include these commands in what I called the "Cert section". I thought that these commands were telling sendmail where to look for my certificate. So I retried the whole procedure to make sure.

When I restart my mail client, I get the same error message, that my certificate is being held by "localhost.localdomain".

I don't know where or what to look for anymore.
 
Old 03-26-2008, 07:05 AM   #4
billymayday
LQ Guru
 
Registered: Mar 2006
Location: Sydney, Australia
Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD
Posts: 6,678

Rep: Reputation: 122Reputation: 122
Something like this may help. There are lots of howtos on creating certificates around.

http://www.openssl.org/docs/HOWTO/certificates.txt

Edit - note you will need to use the correct fqdn to avoid the type of message you are getting

Last edited by billymayday; 03-26-2008 at 07:08 AM.
 
Old 03-26-2008, 07:12 AM   #5
fatra2
Member
 
Registered: Feb 2004
Location: Switzerland
Distribution: Fedora - RedHat - Mandrake - OpenSuse
Posts: 216

Original Poster
Rep: Reputation: 35
Hi there,

But I have certificates. It seems to work perfectly with my apache webserver, and with my dovecot-imap server. I just don't understand why sendmail does not recongizes certificate. It keeps on telling me that the certificate for "localhost.localdomain" is not approriate, which I know. That is why I create a certificate from a CA.

My question still stands. Where can I look into my sendmail server, to tell it to not take the localhost certificate but the one I created.

Cheers
 
Old 03-26-2008, 07:40 AM   #6
datopdog
Member
 
Registered: Feb 2008
Location: JHB South Africa
Distribution: Centos, Kubuntu, Cross LFS, OpenSolaris
Posts: 806

Rep: Reputation: 41
If you have the correct values there then it should pick up the correct certificate.
 
Old 03-26-2008, 09:29 AM   #7
fatra2
Member
 
Registered: Feb 2004
Location: Switzerland
Distribution: Fedora - RedHat - Mandrake - OpenSuse
Posts: 216

Original Poster
Rep: Reputation: 35
Hi there,

I thank everyone that help me with this problem. I guess I made a fool of myself. The certificate is there, and sendmail picks it up.

Something else gave the message "Unable to verify localhost.localdomain certificate". I apologize to everyone, because the problem came from my /etc/hosts file. For a reason or another, the line "127.0.0.1 localhost.localdomain localhost" disappear. As soon as I put this line back, the message did not show anymore.

In the future, I will try to look at all the possible details.

Anyways, thank you again for your answers. It still brought me alot of understanding about sendmail.

Cheers
 
Old 03-27-2008, 10:07 AM   #8
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 9,078
Blog Entries: 4

Rep: Reputation: 3177Reputation: 3177Reputation: 3177Reputation: 3177Reputation: 3177Reputation: 3177Reputation: 3177Reputation: 3177Reputation: 3177Reputation: 3177Reputation: 3177
Smile Red-herring recipes

It happens to us all. Don't worry about a red-herring... just break out the capers and maybe a nice light wine and have dinner.
 
Old 03-27-2008, 10:18 AM   #9
DotHQ
Member
 
Registered: Mar 2006
Location: Ohio, USA
Distribution: Red Hat, Fedora, Knoppix,
Posts: 548

Rep: Reputation: 33
Dang, just when I was going to ask you about your hosts file.

No need to apologize. Thank you for coming back and posting the resolution to your problem. That helps when someone else has a similar issue they'll now know to check their /etc/hosts file.
It's all good!!!
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Install certificate in Sendmail SSL soylentgreen Linux - Server 0 10-11-2007 10:15 AM
Can I retrieve certificate expiry date from an openssl certificate (command line) davee Linux - Security 1 07-21-2006 11:28 AM
Cert Authority: apache,dovecot,sendmail certs psychobyte Linux - Networking 0 09-16-2005 01:15 AM
user's authority Xiangbuilder Linux - Newbie 1 12-29-2004 10:32 AM
up2date bug fixed: New up2date avail. with updated SSL certificate authority file dkaplowitz Red Hat 2 09-04-2003 06:05 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 09:00 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration