From owner-freebsd-security Sat Nov 18 19:57:14 2000
Delivered-To: freebsd-security@freebsd.org
Received: from mail.i-dns.net (unknown [203.126.116.228])
	by hub.freebsd.org (Postfix) with ESMTP id F343237B479
	for ; Sat, 18 Nov 2000 19:57:07 -0800 (PST)
Received: from huiminvaio (spnp47087.spnp.nus.edu.sg [137.132.47.97])
	by mail.i-dns.net (Postfix) with SMTP id E1283FFC01;
	Sun, 19 Nov 2000 11:57:32 +0800 (SGT)
Message-ID: <000701c051dc$c59dec10$6600a8c0@huiminvaio>
Reply-To: "Lim Hui Min"
From: "Lim Hui Min"
To: "Angelo a.k.a shagy" ,
References: <20001110134230.29329.qmail@web2904.mail.yahoo.com>
Subject: Re: stunnel, outlook express and qpopper
Date: Fri, 17 Nov 2000 21:50:30 +0800
Organization: i-DNS.net International
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4133.2400
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

make sure your Common Name, when you create your cert, is EXACTLY the same
as the server name that you are popping from in outlook express.

HM

----- Original Message -----
From: "Angelo a.k.a shagy"
To:
Sent: Friday, November 10, 2000 9:42 PM
Subject: Re: stunnel, outlook express and qpopper

> > On Fri, Nov 10, 2000 at 12:55:26AM -0800, Angelo a.k.a shagy wrote:
> > > Greetings I'm trying to wrap pop3 with stunnel (ssl)
> > > I'm using FreeBSD 3.4
> > > stunnel 3.4a (from the ports)
> > > qpopper 3.1
> > >
> > > I start qpopper with the following options
> > > "qpopper 192.168.5.1:110 -S"
> > >
> > > Then stunnel starts up like so
> > > "stunnel -d pop3s -r 192.168.5.1:pop3"
> > >
> > > When trying to access mail through outlook express I
> > > get the following message.
> > > "The server you are connected to is using a security
> > > certificate that does not match its internet address.
> > > Do you want to continue using this server?"
> > >
> > > I've read that IE and Netscape have a hard coded list
> > > of Certificate Authorities. And you can get this
> > > message if you haven't had your server certificate
> > > signed by a CA such as verisign. Is this an absolute
> > > truth *or* is there a way around this? Or am I just
> > > way off?!
> > >
> > > Any help would be appreciated
> >
> > A self-signed certificate worked fine for me back when I used to run a
> > similar setup (UW-IMAP and POP3, stunnel, and MS OE). How did you make
> > your cert?
> > --
>
> Hi, here is how I created the certificate....
>
> First I generated the unencrypted server key
> "openssl genrsa -out server.key 1024"
>
> Then I created a server certificate request with the
> unencrypted key
> "openssl req -new -days 365 -key server.key -out newreq.pem"
>
> Created my own Certificate Authority and self-signed.
> (I used CA.pl to do this)
> "perl CA.pl -newca" #made a certificate authority
> "perl CA.pl -sign"  #self-signed the request
>                     #(I got a file named "newcert.pem" as a result)
>
> Then I generated a dh file for stunnel
> "openssl gendh -out dh 1024"
>
> Put it all together like so
> "cat server.key newcert.pem dh > stunnel.pem"
>
> I also removed non operational text from
> stunnel.pem.....the end result was
> similar to this.
>
> ---BEGIN RSA PRIVATE KEY---
> [encoded key]
> ---END RSA PRIVATE KEY---
> [empty line here]
> ---BEGIN CERTIFICATE---
> [encoded certificate]
> ---END CERTIFICATE---
> [empty line here]
> ---BEGIN DH PARAMETERS---
> [encoded key]
> ---END DH PARAMETERS---
>
> Everything seems to be working fine except for message that
> I get from outlook.
>
> Thanks,
> Ang

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
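
The Common Name advice in the reply above, as an added example that is not part of the original thread: it builds a combined key-plus-certificate PEM whose Common Name is the server name the mail client is configured with, then checks a PEM file against a given name before it is handed to stunnel. The function names, pop.example.test and the 2048-bit `openssl req -x509` shortcut (used here instead of the CA.pl steps in the thread) are assumptions, and `-checkhost` needs OpenSSL 1.0.2 or later.

```shell
#!/bin/sh
# Added example (not from the thread). pop.example.test is a constructed
# placeholder for the server name entered in the mail client.

# make_cert NAME OUTFILE
# Write an unencrypted key and a self-signed certificate with CN=NAME into
# one PEM file, the layout the thread builds with "cat server.key newcert.pem".
make_cert() {
    name=$1
    out=$2
    tmp=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=$name" \
        -keyout "$tmp/server.key" -out "$tmp/server.crt" 2>/dev/null ||
        { rm -rf "$tmp"; return 1; }
    # The output holds a private key: create it readable by the owner only.
    ( umask 077; cat "$tmp/server.key" "$tmp/server.crt" > "$out" )
    rm -rf "$tmp"
}

# cert_cn PEMFILE
# Print the Common Name of the first certificate in PEMFILE.
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p'
}

# cert_matches PEMFILE NAME
# Succeed only if a client that connects to NAME would find that name in
# the certificate (subjectAltName if present, otherwise the Common Name).
cert_matches() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}

# Usage (constructed names):
#   make_cert pop.example.test stunnel.pem
#   cert_matches stunnel.pem pop.example.test && echo "name OK"
```

Running `cert_matches` with the exact string typed into the client's server field shows the mismatch case too: a certificate issued for a host name does not match when the client is pointed at the bare IP address.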