diff --git a/libexec/rc/rc.d/sendmail b/libexec/rc/rc.d/sendmail
--- a/libexec/rc/rc.d/sendmail
+++ b/libexec/rc/rc.d/sendmail
@@ -143,13 +143,18 @@
 	    -out newcert.pem -keyfile cakey.pem -cert cacert.pem \
 	    -key "$certpass" -batch -infiles tmp.pem >/dev/null 2>&1 &&
 
+	# generate dh parameters
+	openssl dhparam -out dh.param 2048 >/dev/null 2>&1 &&
+
 	mkdir -p "$CERTDIR" &&
 	chmod 0755 "$CERTDIR" &&
 	chmod 644 newcert.pem cacert.pem &&
 	chmod 600 newkey.pem &&
+	chmod 644 dh.param &&
 	cp -p newcert.pem "$CERTDIR"/host.cert &&
 	cp -p cacert.pem "$CERTDIR"/cacert.pem &&
 	cp -p newkey.pem "$CERTDIR"/host.key &&
+	cp -p dh.param "$CERTDIR"/dh.param &&
 	ln -s cacert.pem "$CERTDIR"/`openssl x509 -hash -noout \
 	    -in cacert.pem`.0)