Sendmail 8.13.3 Securing Mailing Solution
The ./CA.pl –newreq command creates the following files:
• The private key of the Sendmail 8.13.3 server (./newkey.pem)
• The original (unsigned) certificate request (./newreq.pem)
c. To sign the certificate using the CA created in Step a, enter the following
command:
$ CA.pl –sign
A signed public certificate, ./newcert.pem (with its public key), is created
for the Sendmail 8.13.3 server.
5. To create a subdirectory certs under the /etc/mail directory, enter the following
command:
mkdir –p /etc/mail/certs
6. To set the appropriate permissions to the certs subdirectory, enter the following
command:
chmod 755 certs
7. To change the directory location to certs, enter the following command:
cd /etc/mail/certs
8. To copy the previously created CA certificate, the Sendmail 8.13.3 server certificate,
and the key from the /opt/openssl/misc/ directory to the /etc/mail/certs
directory, enter the following commands:
cp /opt/openssl/misc/demoCA/cacert.pem
/etc/mail/certs/cacert.pem
cp /opt/openssl/misc/newkey.pem
/etc/mail/certs/servername-key.pem
cp /opt/openssl/misc/newcert.pem
/etc/mail/certs/servername-cert.pem
9. To create a hashed symbolic link to the CA certificate, enter the following command:
ln -s cacert.pem `openssl x509 -noout -hash < cacert.pem`.0
This command reads the cacert.pem file and creates an 8-character cryptographic
hash, which is used as the filename (with '.0' appended) that links to the CA
certificate. During a certificate exchange in an SSL handshake, Sendmail 8.13.3
computes the hash of the received public key of the CA certificate, appends '.0' to
the hash, and compares the computed hash with its own copy of the public key
of the CA certificate.
10. To verify whether the symbolic link to the CA certificate is created properly, enter
the following command:
ll *.0
Ensure that you obtain an output similar to the following:
2197 lrwxrwxrwx 1 root sys 10 Jul 9 09:44 fea4e1bb.0 -> cacert.
pem
Configuring Sendmail 8.13.3 with TLS and SSL 17