egd is a
In addition to a source of random data, the system administrator must have a set of digital certificates that establishes the authority (local or remote) and identifies the server and the client. Certificates follow the hierarchical X.509 model: a Certificate Authority (CA) signs the certificates beneath it, and a peer that trusts the CA can therefore trust the certificates it signed.
Server certificates are used for incoming connections, and client certificates are used for outbound connections. A single certificate can serve both functions.
Certificates contain identity information in the form of a distinguished name (DN). Here is an example:
/C=US/ST=New Hampshire/L=Nashua/O=OurCompany.org/CN=OurCompany CA
[additional abbreviated information]
Table 10 Certificate Defaults
Term | Description | Abbreviation |
Certificate Authority | Signs certificates | CA |
Certificate Issuer | One that issues certificates (a CA) | CI |
Certificate | The public part of the key pair (identity information) | cert |
Key | Private part of the key pair | key |
Distinguished name | Unique name | DN |
Common name | Common (not necessarily unique) name: a hostname, or a user's full name | CN |
A TLS certificate can be bought from a certification authority, or it can be created locally. Commercial companies such as VeriSign, Equifax and Thawte provide certification-related services. Once the commercial transaction has taken place, store the CA's certificate in /var/adm/sendmail/certs/cacert.pem (or in whatever file the Certificate Authority Certificate field described below names).
If you have commercial certificates or have created your own Certificate Authority, review the Certificate Authority section in Appendix A.
The following fields in the Sendmail TLS menu must be completed for TLS to function between two servers, or between a server and a client.
Servers and clients each have a certificate file and a key file. The Certificate Authority Certificate is the top-level identifier that ties a machine's identity to a well-known (trusted) authority. The server certificate is used for inbound connections and identifies the server to the connecting client. The client certificate identifies the connecting client to the remote mail server; it can be the same certificate as the server certificate. The server and client keys are the private keys used in the TLS handshake, and they must be kept unreadable by other users.
Table 11 TLS Certificate Values
Field Name | Default |
Certificate Authority Certificate Directory (CA) | /var/adm/sendmail/certs |
Certificate Authority Certificate | $CA/CA.cert.pem |
Server Certificate File | $CA/server.cert.pem |
Server Key File | $CA/server.key.pem |
Client Certificate File | $CA/client.cert.pem |
Client Key File | $CA/client.key.pem |
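The following script is an added example, not part of the Sendmail documentation or the product, that creates the files listed in Table 11 with OpenSSL: a local Certificate Authority, a server certificate and key, and a client certificate and key. It then checks that each certificate chains to the CA and that each private key is readable only by its owner. The organization DN is the one shown earlier; the hostname mail.ourcompany.org and the output directory are assumptions (run it against /var/adm/sendmail/certs as root, or against a scratch directory to try it out).

```shell
#!/bin/sh
# Added example (not from the product documentation): build a local CA and
# the server/client certificate and key files named in Table 11, then check
# that each certificate chains to the CA and that each key file is private.
# Assumptions: OpenSSL 1.1.1 or later is on the PATH, and the MTA hostname
# below is a placeholder for your own.
set -eu

DAYS=365
ORG_DN="/C=US/ST=New Hampshire/L=Nashua/O=OurCompany.org"   # DN prefix from the page
MAIL_HOST="mail.ourcompany.org"                              # assumed hostname

# Everything created from here on is owner-only; certificates are relaxed to 0644 below.
umask 077

# make_ca DIR: self-signed CA key and certificate ($CA/CA.key.pem, $CA/CA.cert.pem)
make_ca() {
    dir=$1
    mkdir -p "$dir"
    openssl req -x509 -new -newkey rsa:2048 -nodes -sha256 -days "$DAYS" \
        -subj "$ORG_DN/CN=OurCompany CA" \
        -keyout "$dir/CA.key.pem" -out "$dir/CA.cert.pem" 2>/dev/null
    chmod 644 "$dir/CA.cert.pem"
}

# issue_cert DIR NAME CN EKU: new key + CSR for NAME, signed by the CA in DIR.
# EKU is serverAuth, clientAuth, or "serverAuth,clientAuth" for one shared certificate.
issue_cert() {
    dir=$1 name=$2 cn=$3 eku=$4
    openssl req -new -newkey rsa:2048 -nodes -sha256 \
        -subj "$ORG_DN/CN=$cn" \
        -keyout "$dir/$name.key.pem" -out "$dir/$name.csr" 2>/dev/null
    # Extensions the CSR does not carry: not a CA, the hostname as SAN, the intended use.
    printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:%s\nextendedKeyUsage=%s\n' \
        "$cn" "$eku" > "$dir/$name.ext"
    openssl x509 -req -in "$dir/$name.csr" -days "$DAYS" -sha256 \
        -CA "$dir/CA.cert.pem" -CAkey "$dir/CA.key.pem" -CAcreateserial \
        -extfile "$dir/$name.ext" -out "$dir/$name.cert.pem" 2>/dev/null
    chmod 644 "$dir/$name.cert.pem"
    rm -f "$dir/$name.csr" "$dir/$name.ext"
}

# verify_against_ca DIR CERT: succeeds only if CERT chains to $CA/CA.cert.pem.
# The ": OK" text is checked rather than the exit status, which older
# releases of "openssl verify" did not set on failure.
verify_against_ca() {
    openssl verify -CAfile "$1/CA.cert.pem" "$2" 2>/dev/null | grep -q ': OK$'
}

# key_is_private FILE: succeeds if FILE is mode 0600 (readable only by its owner).
# sendmail refuses a key file that other users can read unless the check is
# overridden with DontBlameSendmail, so this is worth verifying before restart.
key_is_private() {
    [ "$(ls -ld "$1" | cut -c1-10)" = "-rw-------" ]
}

# cert_subject FILE: print the DN carried by a certificate
cert_subject() {
    openssl x509 -in "$1" -noout -subject
}

# build_certs DIR: the full set from Table 11, keys restricted, certificates checked
build_certs() {
    dir=$1
    make_ca "$dir"
    issue_cert "$dir" server "$MAIL_HOST" serverAuth
    issue_cert "$dir" client "$MAIL_HOST" clientAuth
    chmod 600 "$dir/CA.key.pem" "$dir/server.key.pem" "$dir/client.key.pem"
    verify_against_ca "$dir" "$dir/server.cert.pem"
    verify_against_ca "$dir" "$dir/client.cert.pem"
}

# Usage: sh make-sendmail-certs.sh /var/adm/sendmail/certs   (as root)
if [ $# -gt 0 ]; then
    build_certs "$1"
    cert_subject "$1/CA.cert.pem"
    cert_subject "$1/server.cert.pem"
fi
```

If one certificate is to serve both functions, issue it once with the extended key usage "serverAuth,clientAuth" and point both the server and the client certificate fields at the same file; the key fields then both name its key. Once the files are in place and the TLS fields refer to them, a connection can be checked from another host with `openssl s_client -starttls smtp -connect mail.ourcompany.org:25 -CAfile CA.cert.pem`, which should end with `Verify return code: 0 (ok)`.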
To configure the values for TLS, follow these steps: