Sendmail 8.13.3 Securing Mailing Solution

NOTE: The KRNG11i strong random number generator is required only for the

HP-UX 11i v1 operating system. For the HP-UX 11i v2 and HP-UX 11i v3 operating

systems, the random number generator is available as part of the core HP-UX

operating system.

• The OpenSSL software

NOTE: You must install the latest version of the OpenSSL software from http://

www.software.hp.com lists to avoid errors while running the CA.pl script. Table 1

(page 14) lists the version of OpenSSL that you must install for different HP-UX

operating systems.

Table 1 OpenSSL Versions

OpenSSL VersionOperating System Name

A.00.09.07lHP-UX 11i v1

A.00.09.07l.001HP-UX 11i v2

A.00.09.08d.001HP-UX 11i v3

• The latest version of the Sendmail 8.13.3 web upgrade.

NOTE: For the HP-UX 11i v3 operating system, Sendmail 8.13.3 is available as

part of the core HP-UX operating system. For the HP-UX 11i v1 and HP-UX 11i

v2 operating systems, Sendmail 8.13.3 is available as a web upgrade at:

http://www.software.hp.com

Generating Certificates and Keys

The OpenSSL script, /opt/openssl/misc/CA.pl, can be used to generate the

certificates and keys. By default, the certificates are encrypted using the DES encryption.

You must log in as a superuser and modify the CA.pl script to prevent the certificates

from being DES encrypted.

Follow this procedure to generate certificates and keys:

1. To change the directory to /opt/openssl/misc, enter the following command:

cd /opt/openssl/misc

2. To copy the CA.pl script to the CA.pl.ORIGINAL script, enter the following

command:

cp CA.pl CA.pl.ORIGINAL