The key file is contained in a file whose location is set with this ClientKeyFile option, using
declarations that look like this:
O ClientKeyFile=path ?†? configuration file (V8.11 and later)
-OClientKeyFile=path ?†? command line (V8.11 and later)
define(`confCLIENT_KEY??,`path??) ?†? mc configuration (V8.11 and later)
Here, path is a full path specification of the file containing the key. The path can contain
sendmail macros, and if so, those macros will be expanded (their values used) when the
configuration file, or command line, is read:
define(`confCLIENT_KEY??, `${MyCERTPath}/ClntKey.pem??)
The path must be a full pathname (must begin with a slash) and must also live in a directory
that is safe (every component of which is writable only by root or the trusted user
specified in the TrustedUser option) and must itself be safe (owned by and writable only by
root or the trusted user specified in the TrustedUser option; see ?§24.9.122 on page 1112). If
it is not, it will be rejected and the following error logged:
STARTTLS=client: file path unsafe: reason
Note that the file must not be group- or world-readable.
But even if all goes well this far, there is still a chance that the SSL software will reject the
certificate, and sendmail will log the following:
STARTTLS=client, error: SSL_CTX_use_PrivateKey_file(path=) failed
This error means the key doesn??™t belong to the certificate, or that the key was encrypted.
Pages:
1720
1721
1722
1723
1724
1725
1726
1727
1728
1729
1730
1731
1732
1733
1734
1735
1736
1737
1738
1739
1740
1741
1742
1743
1744