Interesting, I wasn't aware it was linked to the admsrv. I see that it uses the CA information in /etc/pki/tls/certs/ca-bundle.crt; I had to wget http://www.cacert.org/certs/root.txt and append it to that file to make it not treat cacert.org as self-signed.
I had put the key and cert into /usr/share/ssl/certs/sendmail.pem and added the CA to /usr/share/ssl/certs/ca-bundle.crt but it was still saying self signed until I modified /etc/pki/tls/certs/ca-bundle.crt as well. I wonder if cacert.org will eventually be added to the list of CAs, it's a good service.

Thanks - Ernie.

>
> Hi Ernie,
>
> > I just obtained an SSL certificate from CAcert.org that I want to use for
> > encrypting TLS smtp sessions between a couple of servers.
> >
> > Can somebody tell me which directory the certificate needs to go in?
> >
> > I have only dealt with Apache certificates in the past and I don't know
> > where the TLS certs live.
>
> In the GUI go to "Server Management" / "Security" / "SSL".
>
> Do the "Create Signing Request" as you'd do for a virtual site. But this
> is the certificate for the AdmServ, so it uses the server name.
>
> If you create a self signed cert or install a "real" cert, then that
> certificate is used both for the GUI and for SMTP.
>
> Once the certificate is installed, you can test it this way:
>
> openssl s_client -connect server.company.com:465
>
> It'll show you if it works or not and you can see which certificate
> information an email client would see.
>
> --
> With best regards
>
> Michael Stauber
> _______________________________________________
> Blueonyx mailing list
> Blueonyx@mail.blueonyx.it
> http://mail.blueonyx.it/mailman/listinfo/blueonyx
>

--
"I Ping therefore I am."
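An added example, not part of the thread: a throwaway PKI built with openssl that reproduces why a server certificate keeps being reported as untrusted ("self signed" in the chain) until its root is appended to the CA bundle the verifier actually reads. The CA and host names, file names and function names are constructed for the demo.

```shell
#!/usr/bin/env bash
# Constructed demo PKI: "Demo Root CA" stands in for a root (such as CAcert's)
# that the distribution's ca-bundle.crt does not ship. All names are hypothetical.

make_demo_pki() {            # $1 = empty working directory
  local d=$1
  # Unrelated root: plays the role of the CAs already in the bundle.
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Unrelated Root" \
    -keyout "$d/other.key" -out "$d/ca-bundle.crt" 2>/dev/null || return 1
  # Root that signed the server certificate but is missing from the bundle.
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Demo Root CA" \
    -keyout "$d/root.key" -out "$d/root.crt" 2>/dev/null || return 1
  # Server key, CSR and the certificate issued by the demo root.
  openssl req -newkey rsa:2048 -nodes -subj "/CN=server.example.test" \
    -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$d/server.csr" -CA "$d/root.crt" -CAkey "$d/root.key" \
    -CAcreateserial -days 1 -out "$d/server.crt" 2>/dev/null
}

# Verify the server cert against one bundle only. root.crt is passed as
# -untrusted, the way a server can send it in the handshake: present in the
# chain, but not a trust anchor unless the bundle also contains it.
chain_trusted() {            # $1 = CA bundle, $2 = working directory
  openssl verify -no-CApath -CAfile "$1" -untrusted "$2/root.crt" \
    "$2/server.crt" 2>&1 | grep -q ': OK$'
}

demo() {
  local d; d=$(mktemp -d) || return 1
  make_demo_pki "$d" || return 1
  chain_trusted "$d/ca-bundle.crt" "$d" && echo "before: trusted" || echo "before: NOT trusted"
  cat "$d/root.crt" >> "$d/ca-bundle.crt"      # the fix described in the thread
  chain_trusted "$d/ca-bundle.crt" "$d" && echo "after: trusted" || echo "after: NOT trusted"
  rm -rf "$d"
}
demo
```

The same check against a live service is the `openssl s_client` command from the quoted reply, with `-CAfile` pointed at the bundle under test.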