Sendmail Certificates

by J. Edward Durrett


To make new self-signed certificates for sendmail, do the following:

cd /etc/mail/certs
openssl req -nodes -new -x509 -keyout cakey.pem -out cacert.pem -days 365
openssl req -nodes -nodes -new -x509 -keyout host.key -out host.cert -days 365
ln -s cacert.pem `openssl x509 -noout -hash < cacert.pem`.0

The second line creates a CA that expires in 356 days. The -nodes option makes the
CA certificate passwordless.

The third line creates the host certificate and private key. Again, this is
passwordless and it expires in 365 days.

The last line creates a hash of cacert.pem and creates a symbolic link ending in .0
to cacert.pem

If there keys files and certificates already there, either back them up
or remove them first.

Copyright (c) 2019, Jason Edward Durrett - All content on this site, unless otherwise noted, is subject to this license.

Please contact me if any errors, such as erroneous / misleading content or missing / incomplete attribution, are found.