If you don't intend to use TLS for authentication (and if you are using
self-signed certificates you probably don't) you can simply link
your new
certificate to CAcert.pem.
# ln -s /etc/mail/certs/mycert.pem /etc/mail/certs/CAcert.pem
If, on the other hand, you intend to use TLS for authentication you
should install your certificate authority bundle as
/etc/mail/certs/CAcert.pem.
You didn't mention this file.
So, just in case something else in the system might look for this, I did
the following:
ln -s dc0.crt CAcert.pem
I didn't think it would make any differencem but just for testing I did
anyway and I now have;
# ls -al
total 16
drwx------ 2 root wheel 512 Jun 2 22:05 .
drwxr-xr-x 3 root wheel 1024 Jun 2 20:56 ..
lrwxr-xr-x 1 root wheel 7 Jun 2 22:05 CAcert.pem -> dc0.crt
-rw------- 1 root wheel 1241 Jun 2 20:47 dc0.crt
-rw------- 1 root wheel 668 Jun 2 20:47 dc0.key
lrwxr-xr-x 1 root wheel 7 Jun 2 20:53 lo0.crt -> dc0.crt
lrwxr-xr-x 1 root wheel 7 Jun 2 20:53 lo0.key -> dc0.key
And still no go.
Obviously here the dc0.crt is what the mycert.pem would have been anyway.
smtpd.conf is looking for name.crt where the .crt is burned in the code,
so it's not optional to have it.
# cat /usr/src/usr.sbin/smtpd/ssl.c | grep .crt
"/etc/mail/certs/%s.crt", name)) {
So, that's for the clue, but that's not is yet anyway.
Best,
Daniel
