Internet Express for Tru64 UNIX Version 6.10 Administration Guide (5900-1418, March 2011)

egd (the Entropy Gathering Daemon) is a persistent Perl daemon that collects entropy from the system and supplies a stream of pseudorandom data to Sendmail. Sendmail's TLS support uses this data for its cryptographic operations.
Besides a source of random data, the system administrator needs a set of digital certificates that identify the certification authority (local or remote), the server, and the client. Certificates follow the hierarchical X.509 Certificate Authority model.
Server certificates are used for incoming connections, and client certificates are used for outbound
connections. A single certificate can be shared for both functions.
Certificates contain identity information. Here is an example:
/C=US /ST=New Hampshire /L=Nashua /O=OurCompany.org /CN=OurCompany CA
[additional abbreviated information]
Table 10 Certificate Defaults

Abbreviation | Description                                               | Term
CA           | Certificate Authority (signs certificates)                | Certificate Authority
CI           | One that issues certificates (a CA)                       | Certificate Issuer
cert         | The public part of the key pair (identity information)    | Certificate
key          | Private part of the key pair                              | Key
DN           | Unique name                                               | Distinguished name
CN           | Common (not necessarily unique) hostname, or user's full name | Common name
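As an added example (not from the Internet Express documentation or from Sendmail itself), the following Python parses the slash-separated subject format shown above into its component fields, looks up a single attribute, and checks whether the CN of a server certificate's subject names the expected mail host. The sample subject is constructed from the example above; the function names are this example's own.

```python
"""Parse an X.509 subject in the slash-separated form shown in this
section and check its CN against a mail host name.

Added example; not part of the Internet Express documentation.
"""

# Constructed sample subject, taken from the example in the text.
SAMPLE_SUBJECT = "/C=US /ST=New Hampshire /L=Nashua /O=OurCompany.org /CN=OurCompany CA"


def parse_dn(subject):
    """Return the relative distinguished names as an ordered list of
    (attribute, value) tuples.  Empty components (such as the one before
    the leading '/') are skipped; a component without '=' is an error."""
    rdns = []
    for component in subject.strip().split("/"):
        component = component.strip()
        if not component:
            continue
        if "=" not in component:
            raise ValueError("malformed RDN: %r" % component)
        attr, value = component.split("=", 1)
        rdns.append((attr.strip(), value.strip()))
    return rdns


def get_attr(subject, attr):
    """Return the value of the last RDN with the given attribute
    (case-insensitive on the attribute name), or None if absent."""
    value = None
    for a, v in parse_dn(subject):
        if a.upper() == attr.upper():
            value = v
    return value


def cn_matches_host(subject, hostname):
    """True if the subject's CN equals the host name, ignoring case.
    For a server certificate the CN is expected to be the mail host's
    name (Table 10); a CA certificate like SAMPLE_SUBJECT does not match."""
    cn = get_attr(subject, "CN")
    if cn is None:
        return False
    return cn.lower() == hostname.lower()


if __name__ == "__main__":
    for attr, value in parse_dn(SAMPLE_SUBJECT):
        print("%-3s = %s" % (attr, value))
    print("CN matches mail.ourcompany.org:",
          cn_matches_host(SAMPLE_SUBJECT, "mail.ourcompany.org"))
```

The host-name comparison is deliberately exact: a certificate whose CN is the authority's name (as in the sample) must not be accepted as a server identity, which is why a separate server certificate with the host name in its CN is listed in Table 11.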
A TLS certificate can be purchased from a certification authority, or it can be created locally for your own use. Commercial companies such as VeriSign, Equifax and Thawte provide certification services. Once the purchase has been completed, store the certificate information in /var/adm/sendmail/certs/cacert.pem.
If you have purchased commercial certificates or have created your own Certificate Authority, review the Certificate Authority section in Appendix A.
The following fields in the Sendmail TLS menu must be completed for TLS to work between two servers, or between a server and a client.
Servers and clients each have a certificate file and a key file. The Certificate Authority certificate is the top-level identifier that ties a machine's identity to a well-known (trusted) authority. The server certificate is used for inbound connections and identifies the server to the connecting party. The client certificate identifies the connecting client to the remote mail server; it can be the same as the server certificate. The server and client keys are the private keys used in the TLS handshake.
Table 11 TLS Certificate Values

Field Name                                       | Default
Certificate Authority Certificate Directory (CA) | /var/adm/sendmail/certs
Certificate Authority Certificate                | $CA/CA.cert.pem
Server Certificate File                          | $CA/server.cert.pem
Server Key File                                  | $CA/server.key.pem
Client Certificate File                          | $CA/client.cert.pem
Client Key File                                  | $CA/client.cert.pem
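As an added example (not code from the Internet Express product), the following Python takes the Table 11 field values, expands the $CA reference against the CA directory setting, and checks the resulting files the way an administrator would before enabling TLS: every file exists, each "Key File" field points at a PEM private key rather than a certificate, each certificate field points at a PEM certificate, and private keys are not readable by group or others. The demo builds a constructed certs directory with placeholder PEM bodies in a temporary location; the function names and the demo layout are this example's own.

```python
"""Expand $CA in the Sendmail TLS menu values (Table 11) and sanity-check
the certificate and key files they name.

Added example; not part of the Internet Express product.  The demo
layout uses placeholder PEM bodies, not real certificates or keys.
"""
import os
import stat
import tempfile

CA_DIR_FIELD = "Certificate Authority Certificate Directory (CA)"

# Field names and defaults as listed in Table 11.
TLS_FIELDS = {
    CA_DIR_FIELD: "/var/adm/sendmail/certs",
    "Certificate Authority Certificate": "$CA/CA.cert.pem",
    "Server Certificate File": "$CA/server.cert.pem",
    "Server Key File": "$CA/server.key.pem",
    "Client Certificate File": "$CA/client.cert.pem",
    "Client Key File": "$CA/client.cert.pem",
}


def expand_fields(fields):
    """Replace $CA in every value with the CA directory setting."""
    ca_dir = fields[CA_DIR_FIELD]
    return {name: value.replace("$CA", ca_dir) for name, value in fields.items()}


def pem_type(path):
    """Return the label of the first PEM block in the file, e.g.
    'CERTIFICATE' or 'RSA PRIVATE KEY', or None if no header is found."""
    with open(path, "r") as fh:
        for line in fh:
            line = line.strip()
            if line.startswith("-----BEGIN ") and line.endswith("-----"):
                return line[len("-----BEGIN "):-len("-----")]
    return None


def check_tls_files(fields):
    """Return a list of problem descriptions; an empty list means OK."""
    problems = []
    for name, path in expand_fields(fields).items():
        if name == CA_DIR_FIELD:
            if not os.path.isdir(path):
                problems.append("%s: directory %s does not exist" % (name, path))
            continue
        if not os.path.isfile(path):
            problems.append("%s: %s is missing" % (name, path))
            continue
        label = pem_type(path) or ""
        is_key_field = name.endswith("Key File")
        if is_key_field and "PRIVATE KEY" not in label:
            problems.append("%s: %s does not contain a private key" % (name, path))
        if not is_key_field and "CERTIFICATE" not in label:
            problems.append("%s: %s does not contain a certificate" % (name, path))
        if is_key_field:
            # Private keys must not be readable by anyone but the owner.
            mode = stat.S_IMODE(os.stat(path).st_mode)
            if mode & (stat.S_IRWXG | stat.S_IRWXO):
                problems.append("%s: %s has mode %04o; private keys should be 0600"
                                % (name, path, mode))
    return problems


def build_demo_layout(root, key_mode=0o600, client_key="client.key.pem"):
    """Create a constructed certs directory under root and return field
    values pointing at it.  key_mode is applied to the key files and
    client_key selects which file the Client Key File field names."""
    os.makedirs(root, exist_ok=True)
    for fname, label in [("CA.cert.pem", "CERTIFICATE"),
                         ("server.cert.pem", "CERTIFICATE"),
                         ("client.cert.pem", "CERTIFICATE"),
                         ("server.key.pem", "RSA PRIVATE KEY"),
                         ("client.key.pem", "RSA PRIVATE KEY")]:
        path = os.path.join(root, fname)
        with open(path, "w") as fh:
            fh.write("-----BEGIN %s-----\nPLACEHOLDER\n-----END %s-----\n" % (label, label))
        if "KEY" in label:
            os.chmod(path, key_mode)
    fields = dict(TLS_FIELDS)
    fields[CA_DIR_FIELD] = root
    fields["Client Key File"] = "$CA/" + client_key
    return fields


def run_demo():
    """Check one correct layout and one faulty layout (world-readable keys,
    Client Key File pointing at a certificate); return both problem lists."""
    with tempfile.TemporaryDirectory() as tmp:
        good = build_demo_layout(os.path.join(tmp, "good"))
        bad = build_demo_layout(os.path.join(tmp, "bad"),
                                key_mode=0o644, client_key="client.cert.pem")
        return check_tls_files(good), check_tls_files(bad)


if __name__ == "__main__":
    good_problems, bad_problems = run_demo()
    print("correct layout:", good_problems or "no problems")
    print("faulty layout:\n  " + "\n  ".join(bad_problems))
```

Run the check against the real /var/adm/sendmail/certs values after filling in the TLS menu; a key field that names a certificate, or a key file with group or world read permission, is the kind of mistake that leaves STARTTLS silently unavailable or exposes the private key to local users.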
To configure the values for TLS, follow these steps:
Sendmail Server Administration 115