Sujet : Re: adding CA certificates (for use by sendmail)
De : bjorn (at) *nospam* mork.no (Bjørn Mork)
Groupes : comp.mail.sendmailDate : 13. Nov 2024, 17:53:14
Autres entêtes
Organisation : m
Message-ID : <87ldxn3wjp.fsf@miraculix.mork.no>
References : 1 2 3
User-Agent : Gnus/5.13 (Gnus v5.13) Emacs/28.2 (gnu/linux)
groenveld@acm.org (John D Groenveld) writes:
# grep CACERT /usr/local/share/sendmail/cf/README
define(`confCACERT_PATH', `/etc/mail/certs/')
define(`confCACERT', `/etc/mail/certs/CA.cert.pem')
confCACERT_PATH CACertPath [undefined] Path to directory with
confCACERT CACertFile [undefined] File containing at least
Note that CACertPath is for validating servers you connect to
(STARTTLS=client), while CACertFile is for validating clients connecting
to you (STARTTLS=server).
The latter should only contain CAs under your administrative control if
you do client certificate based authentication. And that's the only
point of having anything there.
Bjørn
adding CA certificates (for use by sendmail)
Re: Trusted CA config