pem??)
This is the Title of the Book, eMatter Edition
Copyright ?© 2007 O??™Reilly & Associates, Inc. All rights reserved.
24.9 Alphabetized Options | 985
The path must be a full pathname (must begin with a slash), or the file will be rejected and
the following error logged:
STARTTLS: ClientCertFile missing
The path must also live in a directory that is safe (every component of which is writable
only by root or the trusted user specified in the TrustedUser option) and must itself be safe
(owned by and writable only by root or the trusted user specified in the TrustedUser option;
see ?§24.9.122 on page 1112). If it is not, it will be rejected and the following error logged:
STARTTLS=client: file path unsafe: reason
But even if all goes well this far, there is still a chance that the SSL software will reject the
certificate, and sendmail will log the following:
STARTTLS=client, error: SSL_CTX_use_certificate_file(path) failed
The ServerCertFile option is not safe. If specified from the command line, it can cause
sendmail to relinquish its special privileges.
24.9.17 ClientKeyFile
File with the client certificate??™s private key V8.11 and later
STARTTLS and stream encryption are discussed in detail in ?§5.3 on page 202. Among the
items you might need to set up is a key file that corresponds to a certificate file. The client
key is used by sendmail when it acts in the roll of a sender (dispatching outbound email).
Pages:
1719
1720
1721
1722
1723
1724
1725
1726
1727
1728
1729
1730
1731
1732
1733
1734
1735
1736
1737
1738
1739
1740
1741
1742
1743