| Deutsch English Français Italiano |
|
<87ldxn3wjp.fsf@miraculix.mork.no> View for Bookmarking (what is this?) Look up another Usenet article |
Path: ...!weretis.net!feeder9.news.weretis.net!news.quux.org!eternal-september.org!feeder2.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail From: =?utf-8?Q?Bj=C3=B8rn_Mork?= <bjorn@mork.no> Newsgroups: comp.mail.sendmail Subject: Re: adding CA certificates (for use by sendmail) Date: Wed, 13 Nov 2024 17:53:14 +0100 Organization: m Lines: 19 Message-ID: <87ldxn3wjp.fsf@miraculix.mork.no> References: <87ttcbly3k.fsf@example.com> <vh18n8$oeh$1@tncsrv09.home.tnetconsulting.net> <lpjs1lFp43nU1@mid.individual.net> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit Injection-Date: Wed, 13 Nov 2024 17:53:14 +0100 (CET) Injection-Info: dont-email.me; posting-host="a04304c68592b083fe63d1ee3998f903"; logging-data="2419269"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1+yNgZmwm/Fz755ye1WaHrL" User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.2 (gnu/linux) Cancel-Lock: sha1:ZkcuDyGYtfLsKQBVY+DnfqE02lI= sha1:8Bbr6ql5aH2sXClFTOCu/keXTJA= Bytes: 1830 groenveld@acm.org (John D Groenveld) writes: > # grep CACERT /usr/local/share/sendmail/cf/README > define(`confCACERT_PATH', `/etc/mail/certs/') > define(`confCACERT', `/etc/mail/certs/CA.cert.pem') > confCACERT_PATH CACertPath [undefined] Path to directory with > confCACERT CACertFile [undefined] File containing at least Note that CACertPath is for validating servers you connect to (STARTTLS=client), while CACertFile is for validating clients connecting to you (STARTTLS=server). The latter should only contain CAs under your administrative control if you do client certificate based authentication. And that's the only point of having anything there. Bjørn