> Oct 31 13:28:37 bq1 sendmail[16295]: starting daemon (8.13.1): SMTP
> Oct 31 13:28:37 bq1 sendmail[16295]: STARTTLS: CRLFile missing
Odd, a quick google on this yields a few results though, worth a look. Check the "O
CRLFile" option has not uncommented somehow in sendmail.cf - my sendmail.mc doesn't
even possess the "confCRL" option which sets this and the sendmail.cf line is still
commented out.
> Oct 31 13:28:37 bq1 sendmail[16295]: STARTTLS=server, error:
> SSL_CTX_check_private_key failed(/etc/httpd/conf/ssl.key/server.key): 0
I'd start keeping your certs in the usual /usr/share/ssl/certs/ dir with appropriate
names to avoid any oddball path errors. Don't how a check of the key pair can fail
unless they are actually wrong halves or 1 is being missed. At least leaving them in
normal certs dir until your up and working should make testing easier.
> Oct 31 13:28:37 bq1 sendmail[16295]: STARTTLS=server:
> 16295:error:0B080074:x509 certificate
> routines:X509_check_private_key:key values mismatch:x509_cmp.c:389:
Again odd, although the sendmail.pem contains both private and cert sections and I
assume your are each part, shouldn't make any difference.
> Oct 31 13:28:37 bq1 sendmail[16295]: STARTTLS=server:
> 16295:error:140A80BE:SSL routines:SSL_CTX_check_private_key:no private
> key assigned:ssl_lib.c:777:
No key assigned so not working still :(
I'd try combining your priv/cert files to make a sendmail.pem looking file, dump in
normal certs dir say called sendmail2.pem - point to that and see what happens.
If only this stuff were as easy and it should be the internet would be a bit more
secure I imagine.
Oh, on a final note, we don't use SMTPS and I've no way to even test whether ours is
working - just trying to help blind really, sorry I couldn't be more helpful.
Gl.
Brett