ClientCertFile
File containing the client’s public certificate V8.11 and later
STARTTLS and stream encryption are discussed in detail
in STARTTLS on page 202. Among
the items you might need to create, or purchase, to
set up stream encryption is a certificate for your
client side. A client certificate is used by
sendmail when it is acting in
the role of a sender (dispatching outbound email).
It is contained in a file whose location is set with
this ClientCertFile option, using
declarations that look like this:
O ClientCertFile=path ← configuration file (V8.11 and later) -OClientCertFile=path ← command line (V8.11 and later) define(`confCLIENT_CERT',`path') ← mc configuration (V8.11 and later)
Here, path is a full path
specification of the file containing the
certificate. The path can
contain sendmail macros, and if
so, those macros will be expanded (their values
used) when the configuration file, or command line,
is read:
define(`confSERVER_CERT', `${MyCERTPath}/ClntCert.pem')The path must be a full
pathname (must begin with a slash), or the file will
be rejected and the following error logged:
STARTTLS: ClientCertFile missing
The path must also live in
a directory that is safe (every component of which
is writable only by root or the
trusted user specified in the TrustedUser option) and
must itself be safe (owned by and writable only by
root or the trusted user
specified in the TrustedUser option; see TrustedUser on page 1112). If it is not, it will be rejected and the following error ...
Get sendmail, 4th Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
