Sendmail permission issue due to certificate symlinks

Article ID: 384183

Products

VMware vCenter Server

Issue/Introduction

When starting the sendmail service or checking its status, a certificate error like the ones noted below is logged:

# service sendmail status
● sendmail.service - Sendmail Mail Transport Agent
     Loaded: loaded (/usr/lib/systemd/system/sendmail.service; enabled; vendor preset: enabled)
     Active: active (running) since <Date & Time>; x weeks x days ago
   Main PID: 1475 (sendmail)
      Tasks: 1 (limit: 28788)
     Memory: 3.9M
     CGroup: /system.slice/sendmail.service
             └─1475 sendmail: accepting connections

<Date & Time> EXAMPLE systemd[1]: Starting Sendmail Mail Transport Agent...
<Date & Time> EXAMPLE sendmail[1475]: starting daemon (8.18.0.2): SMTP+queueing@01:00:00
<Date & Time> EXAMPLE sendmail[1475]: STARTTLS=server: file /etc/vmware/vmware-vmafd/machine-ssl.crt unsafe: Permission denied
<Date & Time> EXAMPLE sendmail[1561]: 4A7FIDCP001561: from=<root@EXAMPLE>, size=1147, class=-60, nrcpts=1, msgid=<2024xxxxxxx4A7FIDO0001541@EXAMPLE>, proto=ESMTP, daemon=MTA, relay=EXAMPLE [127.0.0.1]
<Date & Time> EXAMPLE sendmail[1578]: 4A7FIDCP001561: to=<root@EXAMPLE>, ctladdr=<[email protected]> (0/0), delay=00:00:00, xdelay=00:00:00, mailer=local, pri=139359, dsn=2.0.0, stat=Sent
<Date & Time> EXAMPLE systemd[1]: Started Sendmail Mail Transport Agent.

# service sendmail status
● sendmail.service - Sendmail Mail Transport Agent
     Loaded: loaded (/usr/lib/systemd/system/sendmail.service; enabled; vendor preset: enabled)
     Active: active (running) since <Date & Time>; xx ago
    Process: 4104467 ExecStart=/usr/sbin/sendmail -bd -q $QUEUE $SENDMAIL_OPTARG (code=exited, status=0/SUCCESS)
   Main PID: 4104468 (sendmail)
      Tasks: 1 (limit: 28788)
     Memory: 1.6M
     CGroup: /system.slice/sendmail.service
             └─4104468 sendmail: accepting connections

<Date & Time> EXAMPLE systemd[1]: Starting Sendmail Mail Transport Agent...
<Date & Time> EXAMPLE sendmail[4104468]: starting daemon (8.18.0.2): SMTP+queueing@01:00:00
<Date & Time> EXAMPLE sendmail[4104468]: STARTTLS=server: file /etc/vmware/vmware-vmafd/ca.crt unsafe: Group writable file
<Date & Time> EXAMPLE systemd[1]: Started Sendmail Mail Transport Agent.

Cause

Symlinks from /etc/ to /var/lib can cause issues with permissions in vmafd:

# ls -lah /etc/vmware/vmware-vmafd/
total 8.0K
drwx------  2 root root 4.0K .
drwxr-xr-x 23 root root 4.0K  ..
lrwxrwxrwx  1 root root   25  ca.crt -> /etc/ssl/certs/dc155d51.0
lrwxrwxrwx  1 root root   43  machine-ssl.crt -> /var/lib/vmware/vmafdd_data/machine-ssl.crt
lrwxrwxrwx  1 root root   43  machine-ssl.key -> /var/lib/vmware/vmafdd_data/machine-ssl.key

Resolution

Copy the certificates to the /etc/vmware/vmware-vmafd/ directory and remove the symlinks:

Prestep: Run "ls -lah /etc/vmware/vmware-vmafd/" and take note of the files that the symlinks in this directory point to.

1. cd /etc/vmware/vmware-vmafd
2. mv * /tmp
3. cp /var/lib/vmware/vmafdd_data/machine-ssl.* /etc/vmware/vmware-vmafd/
4. cp /etc/ssl/certs/CERT_NAME /etc/vmware/vmware-vmafd/ca.crt
5. service sendmail stop
6. service sendmail start
7. service sendmail status

** CERT_NAME is the name of the file that is linked to /etc/vmware/vmware-vmafd/ca.crt when you run "ls -lah /etc/vmware/vmware-vmafd/".
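
The two conditions behind the log lines above (a certificate path that is a symlink, and a file that is group writable) can be checked directly, both before the steps and after them. The script below is an added example, not part of the original article; it assumes GNU stat, and the function names audit_file and audit_dir are hypothetical.

```shell
#!/bin/sh
# Added example (not from the KB article): report which certificate files
# are symlinks or resolve to a group/world-writable file.
# Assumes GNU coreutils stat (-c); function names are hypothetical.

# audit_file PATH: print one finding per line; return 0 if nothing flagged.
audit_file() {
    f=$1
    rc=0
    if [ -L "$f" ]; then
        echo "SYMLINK $f -> $(readlink "$f")"
        rc=1
    fi
    if [ ! -e "$f" ]; then            # absent, or a dangling symlink
        echo "MISSING $f"
        return 1
    fi
    mode=$(stat -L -c '%a' "$f")      # -L: report the mode of the link target
    perm=$((0$mode))                  # read the digits as an octal number
    if [ $((perm & 020)) -ne 0 ]; then
        echo "GROUP_WRITABLE $f (mode $mode)"
        rc=1
    fi
    if [ $((perm & 002)) -ne 0 ]; then
        echo "WORLD_WRITABLE $f (mode $mode)"
        rc=1
    fi
    return $rc
}

# audit_dir DIR: check the three file names shown in the article's listing.
audit_dir() {
    dir=$1
    bad=0
    for name in ca.crt machine-ssl.crt machine-ssl.key; do
        if ! audit_file "$dir/$name"; then
            bad=$((bad + 1))
        fi
    done
    echo "$bad file(s) flagged in $dir"
    [ "$bad" -eq 0 ]
}

# Runs only when a directory is passed, e.g. /etc/vmware/vmware-vmafd
if [ $# -gt 0 ]; then
    audit_dir "$1"
fi
```

Saved under any name and run with the directory as its argument, it exits non-zero while any of the three files is still flagged.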

After performing the above steps, the sendmail service should start correctly and have a healthy status:

# service sendmail status
● sendmail.service - Sendmail Mail Transport Agent
     Loaded: loaded (/usr/lib/systemd/system/sendmail.service; enabled; vendor preset: enabled)
     Active: active (running) since <Date & Time>; xx ago
    Process: 4105183 ExecStart=/usr/sbin/sendmail -bd -q $QUEUE $SENDMAIL_OPTARG (code=exited, status=0/SUCCESS)
   Main PID: 4105184 (sendmail)
      Tasks: 1 (limit: 28788)
     Memory: 2.0M
     CGroup: /system.slice/sendmail.service
             └─4105184 sendmail: accepting connections

<Date & Time> EXAMPLE systemd[1]: Starting Sendmail Mail Transport Agent...
<Date & Time> EXAMPLE sendmail[4105184]: starting daemon (8.18.0.2): SMTP+queueing@01:00:00
<Date & Time> EXAMPLE systemd[1]: Started Sendmail Mail Transport Agent.