A Sendmail Supplemental Information
This appendix includes the following Sendmail information:
•How to create a certificate of authority (Section : Creating a Certificate of Authority)
•Background on OpenSSL certificate creation (Section : Background - OpenSSL Certificate Creation)
•A sample mail filter (Section : Mail Filter Example)
Creating a Certificate of Authority
Local SSL certificates can be created using the security software included in the Sendmail subset of Internet Express. To create a local Certificate Authority, use the CA.pl command and fill in the required fields. The Perl script will ask for your site information for creating the Authority and the public and private keys.
#alias openssl=/usr/internet/bin/openssl
#/usr/internet/openssl/misc/CA.pl
Executed in the /var/adm/sendmail directory, the default created directory for this command is demoCA. Using the demoCA directory allows key creation without interfering with the live system resources. The public key is created in cacert.pem and the private key is in private/ cakey.pem. The private key is used to sign other SSL certs.
Background - OpenSSL Certificate Creation
OpenSSL is part of the sendmail kit and the command openssl is installed in /usr/internet/ ssl/bin directory.
There are two ways to create a certificate authority. One is to follow the command list below. The other is to run the CA.pl command included in the /usr/internet/ssl/misc directory. The CA.pl command steps through the same procedure as listed here.
1.Create Certificate Authority (CA)
#mkdir certs crl newcerts private
#chmod 0700 private
#
#echo "01" > serial # cp /dev/null index.txt
#openssl req
2.Create certificates
#umask 0066
#openssl req
3.Sign new certificates using CA
#openssl x509
#openssl ca
#rm
#
her t
268 Sendmail Supplemental Information