If
so, you can create the following symbolic link as a shortcut just to verify that the
prior command will actually work:
# ln -s ../CA demoCA
If all went well, you ???clean up.??? The csr.pem file may be removed because it was only
a scratchfile needed for signing. The newcert.pem may be removed because it is the
unsigned cert. The file cert.pem contains the CA signed cert.
To view the certificate you created (or any certificate, for that matter) simply use a
command like the following:
# openssl x509 -noout -fingerprint -text -in cert.pem
We don??™t show the output of this command because it can run to multiple pages.
You can redirect this output into a file, if you wish, and share that file on a web site.
Its output is your CA signed public key in text format.
Lastly, recall that sendmail can run as either a client or a server. Whether you use the
same certificate for bothroles is a matter of policy. But if you wishto offer TLS for
both roles using separate certs for each, you should now rename the cert.pem and
This is the Title of the Book, eMatter Edition
Copyright ?© 2007 O??™Reilly & Associates, Inc. All rights reserved.
210 | Chapter 5: Authentication and Encryption
key.pem files for the server??™s use and create (using the procedure we just outlined)
another CA signed certificate for use with the client:
# mv cert.
Pages:
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400