Name
ClientCertFile
Synopsis
STARTTLS and stream encryption are discussed in detail in Section 10.10. Among the items you might need to create, or
purchase, to set up stream encryption is a certificate for your
client side. A client certificate is used by
sendmail when it is acting in the role of a
sender (dispatching outbound email). It is contained in a file whose
location is set with this ClientCertFile option,
using declarations that look like this:
O ClientCertFile=path ← configuration file (V8.11 and later) -OClientCertFile=path ← command line (V8.11 and later) define(`confCLIENT_CERT',`path')← mc configuration (V8.11 and later)
Here, path is a full path specification of
the file containing the certificate. The
path can contain
sendmail macros, and if so, those macros will be
expanded (their values used) when the configuration file, or command
line, is read:
define(`confSERVER_CERT', `${MyCERTPath}/ClntCert.pem')The path must be a full pathname (must
begin with a slash), or the file will be rejected and the following
error logged:
STARTTLS: ClientCertFile missing
The path must also live in a directory
that is safe (every component of which is writable only by
root or the trusted user specified in the
TrustedUser option) and must itself be safe (owned
by and writable only by root or the trusted user
specified in the TrustedUser option, TrustedUser). If it is not, it will be rejected and the
following error logged:
STARTTLS=client: file path unsafe: reason
But if all goes well ...
Get Sendmail, 3rd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
