Verify Fail

on 10.04.2008 11:43:09 by John Chajecki

Can someone advise us please what are the pre-requisites for verify to work
and how important is it that we have it working?

I have tried everything I can think of and followed the Bat Book but can't
get it to work. I now have a Verisign certificate installed but this does
not seem to help either.

Here is our access file:

Try_TLS:localhost NO
Try_TLS:127.0.0.1 NO
Try_TLS:10.130.148.40 NO
TLS_Srv:10.130.148.40 ENCR:0
# TLS_Srv:millcorner.ath.cx ENCR:128
TLS_Srv:connexions-leics.org ENCR:128
TLS_SRV: ENCR:128
TLS_Clt:10.130.148.40 ENCR:0
# TLS_Clt:millcorner.ath.cx ENCR:128
TLS_Clt:connexions-leics.org ENCR:128
TLS_Clt: ENCR:128

CERTISSUER:/C=UK/ST=England/L=Leicester/O=Leicester+20City+20Council/OU=Information/CN=itssecmail01.leicester.gov.uk/emailAddress=it.support.centre@leicester.gov.uk RELAY

To:leicester.gov.uk RELAY
Connect:mail-relay1.leicester.gov.uk RELAY
Connect:localhost OK
127.0.0.1 RELAY
10.130.148.40 RELAY

The first three Try statements don't work, hence the first ENCR:0 entry.

For the other hosts, we can send and receive TLS encrypted mail but always
with verify=FAIL.

Here is the certificate stuff from our sendmail.cf:

define(`confCACERT_PATH', `/etc/mail/certs/')dnl
define(`confCACERT', `/etc/mail/certs/cacert.pem')dnl
define(`confSERVER_CERT', `/etc/mail/certs/cert.pem')dnl
define(`confSERVER_KEY', `/etc/mail/certs/key.pem')dnl
define(`confCLIENT_CERT', `/etc/mail/certs/cert.pem')dnl
define(`confCLIENT_KEY', `/etc/mail/certs/key.pem')dnl

We generated a certificate request using openssl and placed the CA
certificate in cert.pem.