Install Certificate in CanIt
Here's my recommended "best practices" solution to this:
- Part 1: Install the server's certificate using the Setup : HTTPS function.##
This function asks you for the cert and its key. It will update files in /etc/ssl/ and it will get HTTPS working for your web interface.
This isn't what you asked for, but later we'll make Sendmail use the same cert/key for TLS. A big bonus of doing it this way is that when the time comes to update the cert/key, you can easily use Setup : HTTPS again and the updates will be used by both Apache and Sendmail. Future key updates are a snap.
- Part 2: Making Sendmail behave##
Step (1) will create / update /etc/ssl/private/canit-appliance.key and /etc/ssl/certs/canit-appliance.crt.
We'll leave Sendmail's config file alone; instead we'll just create symlinks in /etc/mail/tls/ to the appropriate files.
These commands will do the business:
mv /etc/mail/tls/sendmail-client.crt /etc/mail/tls/sendmail-client.crt.orig mv /etc/mail/tls/sendmail-server.crt /etc/mail/tls/sendmail-server.crt.orig mv /etc/mail/tls/sendmail-common.key /etc/mail/tls/sendmail-common.key.orig
ln -s /etc/ssl/certs/canit-appliance.crt /etc/mail/tls/sendmail-client.crt ln -s /etc/ssl/certs/canit-appliance.crt /etc/mail/tls/sendmail-server.crt ln -s /etc/ssl/private/canit-appliance.key /etc/mail/tls/sendmail-common.key
Then restart Sendmail: