Date:      Fri, 10 Nov 2000 05:42:30 -0800 (PST)
From:      "Angelo a.k.a shagy" <shagy@rocketmail.com>
To:        freebsd-security@FreeBSD.ORG
Subject:   Re: stunnel, outlook express and qpopper
Message-ID:  <20001110134230.29329.qmail@web2904.mail.yahoo.com>

> On Fri, Nov 10, 2000 at 12:55:26AM -0800, Angelo a.k.a shagy wrote:
> > Greetings, I'm trying to wrap pop3 with stunnel (ssl)
> > I'm using FreeBSD 3.4
> > stunnel 3.4a (from the ports)
> > qpopper 3.1
> > 
> > I start qpopper with the following options
> > "qpopper 192.168.5.1:110 -S"
> > 
> > Then stunnel starts up like so
> > "stunnel -d pop3s -r 192.168.5.1:pop3"
> > 
> > When trying to access mail through Outlook Express I
> > get the following message.
> > "The server you are connected to is using a security
> > certificate that does not match its internet address.
> > Do you want to continue using this server?"
> > 
> > I've read that IE and Netscape have a hard coded list
> > of Certificate Authorities. And you can get this
> > message if you haven't had your server certificate
> > signed by a CA such as verisign.  Is this an absolute
> > truth *or* is there a way around this?  Or am I just
> > way off?!
> > 
> > Any help would be appreciated
> 
> A self-signed certificate worked fine for me back when I used to run a
> similar setup (UW-IMAP and POP3, stunnel, and MS OE). How did you make
> your cert?
> -- 


Hi, here is how I created the certificate....

First I generated the unencrypted server key
"openssl genrsa -out server.key 1024"

Then I created a server certificate request with the
unencrypted key
"openssl req -new -days 365 -key server.key -out newreq.pem"

Created my own Certificate Authority and self-signed. 
(I used CA.pl to do this)
"perl CA.pl -newca"  #made a certificate authority
"perl CA.pl -sign"   #self-signed the request
                    #(I got a file named "newcert.pem" as a result)

Then I generated a dh file for stunnel
"openssl gendh -out dh 1024"

Put it all together like so
"cat server.key newcert.pem dh > stunnel.pem"

I also removed non operational text from
stunnel.pem.....the end result was
similar to this.

---BEGIN RSA PRIVATE KEY---
[encoded key]
---END RSA PRIVATE KEY---
[empty line here]
---BEGIN CERTIFICATE---
[encoded certificate]
---END CERTIFICATE---
[empty line here]
---BEGIN DH PARAMETERS---
[encoded key]
---END DH PARAMETERS---


Everything seems to be working fine except for the message
that I get from Outlook.

Thanks,
Ang
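
The stunnel.pem layout described in the message above (key, certificate, DH parameters, nothing else) can be checked mechanically. The following is an added example, not part of the original e-mail: `check_bundle` and the sample data are constructed for illustration, and it assumes real PEM boundary lines, which use five dashes on each side where the message abbreviates them.

```python
import re

# Block order described in the message: key, certificate, DH parameters.
EXPECTED_ORDER = ["RSA PRIVATE KEY", "CERTIFICATE", "DH PARAMETERS"]
BOUNDARY = re.compile(r"^-----(BEGIN|END) ([A-Z0-9 ]+)-----$")


def check_bundle(text):
    """Return (labels, problems) for a stunnel.pem-style bundle."""
    labels, problems, current = [], [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.rstrip()
        m = BOUNDARY.match(line)
        if m and m.group(1) == "BEGIN":
            if current is not None:
                problems.append(f"line {lineno}: BEGIN inside {current}")
            current = m.group(2)
            labels.append(current)
        elif m:
            if current != m.group(2):
                problems.append(f"line {lineno}: END does not match {current}")
            current = None
        elif current is None and line:
            # Text between blocks is what the message says was removed.
            problems.append(f"line {lineno}: text outside any PEM block")
        elif current is not None and not re.fullmatch(r"[A-Za-z0-9+/=]+", line):
            problems.append(f"line {lineno}: non-base64 data inside {current}")
    if current is not None:
        problems.append(f"unterminated {current} block")
    if labels != EXPECTED_ORDER:
        problems.append(f"block order {labels}, expected {EXPECTED_ORDER}")
    return labels, problems


# Constructed sample: placeholder base64, not real key material.
GOOD = """-----BEGIN RSA PRIVATE KEY-----
QUFBQQ==
-----END RSA PRIVATE KEY-----

-----BEGIN CERTIFICATE-----
QkJCQg==
-----END CERTIFICATE-----

-----BEGIN DH PARAMETERS-----
Q0NDQw==
-----END DH PARAMETERS-----
"""
# Same bundle with readable text left in front of the certificate block.
BAD = GOOD.replace("\n\n-----BEGIN CERT", "\nCertificate:\n    Data:\n-----BEGIN CERT")
```

Calling `check_bundle` on the contents of a bundle file returns the block labels in file order and a list of problems, which is empty when the file has the layout shown in the message.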



