Internet Express for Tru64 UNIX Version 6.8 Administration Guide (14233)

Table 5-5 Certificate Defaults (continued)
DN    Distinguished name    Unique name
CN    Common name           Common (not necessarily unique) hostname, or user's full name
A TLS certificate can be bought from a certification authority, or it can be created locally.
Commercial companies such as VeriSign, Equifax and Thawte provide certification-related
functions. Once the commercial transaction has taken place, store the certificate information in
the /var/adm/sendmail/certs/cacert.pem file.
If you have commercial certificates or have created your own Certificate Authority, review the
Certificate Authority section in Appendix A.
The following fields in the Sendmail TLS menu must be completed for TLS to function properly
between two servers, or between a server and a client.
Servers and clients have certificate and key files. The Certificate Authority Certificate is the
top-level identifier that ties the machine's identity to a well-known (trusted) authority. The server
certificate is used for inbound connections and identifies the server to the connector. The client
certificate identifies the connecting client to the remote mail server. The client certificate can be the
same as the server certificate. The server and client keys are the private keys used in the security
transaction.
Table 5-6 TLS Certificate Values
Field Name                                          Default
Certificate Authority Certificate Directory (CA)    /var/adm/sendmail/certs
Certificate Authority Certificate                   $CA/CA.cert.pem
Server Certificate File                             $CA/server.cert.pem
Server Key File                                     $CA/server.key.pem
Client Certificate File                             $CA/client.cert.pem
Client Key File                                     $CA/client.cert.pem
To configure the values for TLS, follow these steps:
1. Under Mail on the Manage Components menu, choose Sendmail Server/Using Open Source
Configuration Rules.
2. From the Sendmail Server Administration menu, choose Configure Sendmail Server.
3. On the Configure Sendmail Server menu, make sure that Server is selected and click on
Configure.
4. From the Configure Sendmail Server menu, choose Configure Trusted Layer Security (TLS).
A form is displayed, showing the current performance values.
5. Click in the Enable TLS for Server Connections checkbox to enable TLS.
6. Modify the values in the fields as desired. See Table 5-6.
7. Click in the Disable Client Verification checkbox to disable client verification.
8. Click Submit.
In addition, all remote systems that the server will connect to using TLS must also enable TLS to
complete the transmission loop in a secure manner.
After the fields are completed, TLS support can be enabled. To debug a non-working connection,
check the mail log for error messages.
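Before reading the mail log, it helps to rule out problems with the files themselves. The shell function below is an added example, not part of this guide or of Internet Express: it checks that each file at the Table 5-6 default paths exists, holds the expected PEM block, and that key files are closed to group and other. The function name check_tls_files and its optional arguments are hypothetical.

```shell
#!/bin/sh
# Added example (not from the guide): pre-flight check of the Table 5-6 files.
# Usage: check_tls_files [CA_DIR [SERVER_KEY [CLIENT_KEY]]]
# Prints one line per problem and returns the number of problems found.

check_tls_files() {
    ca_dir=${1:-/var/adm/sendmail/certs}          # Table 5-6 default for $CA
    server_key=${2:-$ca_dir/server.key.pem}       # Table 5-6 default
    client_key=${3:-$ca_dir/client.cert.pem}      # default as listed in Table 5-6
    problems=0

    report() { echo "PROBLEM: $1"; problems=$((problems + 1)); }

    # has_block FILE LABEL: true if FILE contains a "-----BEGIN ... LABEL-----" line.
    has_block() { grep -q -e "^-----BEGIN .*$2-----" "$1"; }

    # Certificate files must exist, be readable, and contain a certificate.
    for f in CA.cert.pem server.cert.pem client.cert.pem; do
        p=$ca_dir/$f
        if [ ! -r "$p" ]; then
            report "$p is missing or unreadable"
        elif ! has_block "$p" CERTIFICATE; then
            report "$p has no CERTIFICATE block"
        fi
    done

    # Key files must also contain a private key and be private to the owner.
    for p in "$server_key" "$client_key"; do
        if [ ! -r "$p" ]; then
            report "$p is missing or unreadable"
            continue
        fi
        # Catches a key field that points at a certificate-only file.
        has_block "$p" "PRIVATE KEY" || report "$p has no PRIVATE KEY block"
        # Characters 5-10 of the ls mode string are the group and other bits.
        [ "$(ls -ldL "$p" | cut -c5-10)" = "------" ] ||
            report "$p is accessible to group or other"
    done

    return "$problems"
}
```

Run it with no arguments to check the default directory; a return value of 0 means none of these file-level problems were found.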