Sendmail [was OpenSSL]

Alexander Dalloz alexander.dalloz at uni-bielefeld.de
Thu Jul 15 14:08:30 UTC 2004


On Thu, 15.07.2004 at 15:43, James Kosin wrote:

> Just one side point or question.  How do you generate a key with a
> different serial number?  Or should I be using the same key for pop3s
> and sendmail TLS?

> James Kosin

Hi James!

It does not matter, as long as you don't use certificates for
authentication. From what I understand of your efforts, you just want to
activate TLS, both for Sendmail and for POP3 (where it is then called
POP3s). In this case the certificate is only used for handshaking and
building an encrypted connection. The only important thing you must take
care of is to use the real resolvable FQDN as the CN when creating the
certificate. Otherwise some clients complain at every connection, or they
even refuse to connect because they claim to have detected an insecure
connection / mismatching certificate. I myself simply name my mail server
mail.mydomain.tld and use that name for my users / customers for SMTP
(Sendmail) and IMAPs and POP3s.

Alexander


-- 
Alexander Dalloz | Enger, Germany | GPG key 1024D/ED695653 1999-07-13
Fedora GNU/Linux Core 2 (Tettnang) Athlon CPU kernel 2.6.6-1.435.2.3.uml
Serendipity 16:01:03 up 2 days, 13:43, load average: 1.25, 1.18, 1.11 
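
The name check that makes clients complain about a mismatching certificate, as an added example that is not part of the original message. It goes slightly beyond the CN advice above: current clients compare the host name against DNS subjectAltName entries first and fall back to the CN only when none exist. Apart from mail.mydomain.tld, the sample certificates and all function names are constructed for illustration.

```python
# Added example: hostname check a TLS client applies to a server certificate.
# Certificate dicts use the layout returned by ssl.SSLSocket.getpeercert().

def _label_match(pattern, host):
    """Match one DNS name; '*' is allowed only as the whole left-most label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        # A wildcard covers exactly one label and needs two more labels after it.
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def cert_names(cert):
    """Names a client compares against: DNS SANs if present, else the subject CN."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]


def hostname_ok(cert, host):
    """True if the name the client connected to is covered by the certificate."""
    return any(_label_match(name, host) for name in cert_names(cert))


# Constructed sample certificates (assumptions, not taken from the thread).
GOOD = {"subject": ((("commonName", "mail.mydomain.tld"),),)}
BAD = {"subject": ((("commonName", "localhost.localdomain"),),)}
WILD = {"subject": ((("commonName", "mydomain.tld"),),),
        "subjectAltName": (("DNS", "*.mydomain.tld"),)}

if __name__ == "__main__":
    # The same certificate serves SMTP, IMAPs and POP3s as long as clients
    # are configured with the name it carries.
    for label, cert in (("GOOD", GOOD), ("BAD", BAD), ("WILD", WILD)):
        for host in ("mail.mydomain.tld", "mydomain.tld"):
            print(label, host, hostname_ok(cert, host))
```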