Claus Assmann <[EMAIL PROTECTED]> writes:

>On Sat, Jun 30, 2007, Fredrik Staxeng wrote:
>> Claus Assmann <[EMAIL PROTECTED]> writes:
>
>> >> I get the dreaded 'Relaying denied. Proper authentication needed.'
>
>> >You don't need AUTH, STARTTLS is sufficient. See cf/README:
>
>> Then I would need client certificates, wouldn't I? 
>
>Yes.  As you have a cert for your server, why not create
>one for your client? It's barely more complicated than
>exchanging the credentials for AUTH, but STARTTLS is
>much simpler to set up than AUTH (i.e., Cyrus-SASL).

I have a self-signed server cert that I created using commands that
I barely understand. I have no idea where to start.

I guess I need a CA key, and CA cert. Then I need to make sendmail
trust the new cert? Then I can generate a key, signing request,
and certificate, and make a PKCS12 file, which seems to be what 
Thunderbird wants.

Would it be something like this:

openssl dsaparam 1024 -out dsa1024.pem
openssl gendsa -out client.key dsa1024.pem
openssl req -new -key client.key -out client.csr
openssl x509 -req -days 365 -in client.csr -signkey /etc/ssl/private/sendmail.pme -out client.crt
openssl pkcs12 -export -in client.crt -inkey client.key -out client.p12

-- 
Fredrik Stax\"ang | rot13: [EMAIL PROTECTED]
This is all you need to know about vi: ESC : q ! RET
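
The steps outlined in the message above (CA key and cert, client key, signing request, certificate, PKCS12 file), as an added example that is not part of the original post or of sendmail's documentation. It uses RSA keys rather than the DSA keys in the post, and signs the request with `-CA`/`-CAkey`, because `-signkey` produces a self-signed certificate rather than one issued by a CA. All file names, subject names and the export password are constructed.

```shell
#!/bin/sh
# Added example: private CA plus one client certificate for STARTTLS relaying.
# Usage (constructed values):
#   d=$(mktemp -d); make_ca "$d"; make_client "$d" thunderbird-client 'export-pass'
#   check_client "$d" && echo "client.p12 is ready to import"

make_ca() {        # $1 = output directory; writes ca.key and ca.crt
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/O=Example Home Mail/CN=Example Mail CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null &&
    chmod 600 "$1/ca.key"      # the CA key never leaves the machine that signs
}

make_client() {    # $1 = directory with ca.key/ca.crt, $2 = client CN, $3 = export password
    # Key and signing request for the client.
    openssl req -new -newkey rsa:2048 -nodes \
        -subj "/O=Example Home Mail/CN=$2" \
        -keyout "$1/client.key" -out "$1/client.csr" 2>/dev/null &&
    # The CA issues the certificate; the client key is not involved in signing.
    openssl x509 -req -days 365 -in "$1/client.csr" \
        -CA "$1/ca.crt" -CAkey "$1/ca.key" -CAcreateserial \
        -out "$1/client.crt" 2>/dev/null &&
    # Bundle key, certificate and CA certificate for import into the mail client.
    # Interactively, omit -passout so the password is prompted for instead of
    # appearing on the command line.
    openssl pkcs12 -export -in "$1/client.crt" -inkey "$1/client.key" \
        -certfile "$1/ca.crt" -passout "pass:$3" -out "$1/client.p12"
}

check_client() {   # $1 = directory; succeeds only if the result is usable
    # 1. The client certificate must chain to the CA the server will trust.
    openssl verify -CAfile "$1/ca.crt" "$1/client.crt" >/dev/null 2>&1 || return 1
    # 2. The certificate must carry the public half of client.key.
    cert_pub=$(openssl x509 -in "$1/client.crt" -noout -pubkey)
    key_pub=$(openssl pkey -in "$1/client.key" -pubout)
    [ "$cert_pub" = "$key_pub" ]
}
```

On the server, sendmail still has to be told to trust `ca.crt` (`confCACERT`) and to relay for this certificate (`CertIssuer:`/`CertSubject:` entries in the access map), as described in the STARTTLS section of cf/README.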