13 and later)
-OCRLFile=/path/file ?†? command line (V8.13 and later)
define(`confCRL??,`/path/file??) ?†? mc configuration (V8.13 and later)
Here, /path/file is of type string and specifies the full-path location of the certificate revocation
list file. By default, the CRLFile option is not declared. But if the file is declared using
this CRLFile option, and does not exist or is unreadable or has bad permissions, all
STARTTLS commands are disallowed by sendmail. Note that the /path/file argument may
contain sendmail macros, and those macros will be expanded as the configuration file is
read.
If your version of OpenSSL is too old, the following warning will print when you try to
declare the CRLFile option, and the option will be ignored:
Warning: Option: CRLFile requires at least Open SSL 0.9.7
The file referenced by the CRLFile option is created using the openssl(1) command. For
example, if you are using your own CA, the following can be used to create a file named /etc/
ssl/crl.pem:??
openssl ca -revoke certificate-file ?†? first revoke the certificate
openssl ca -gencrl -out crl.pem ?†? then create the revocation list
If you need DER format in your revocation list file, you can substitute the following line for
the second line in the preceding snippet:
openssl crl -in crl.pem -outform der -out crl.der
* Secure Sockets Layer (SSLv2/v3) available from http://www.
Pages:
1735
1736
1737
1738
1739
1740
1741
1742
1743
1744
1745
1746
1747
1748
1749
1750
1751
1752
1753
1754
1755
1756
1757
1758
1759