Date: Fri, 10 Nov 2000 05:42:30 -0800 (PST)
From: "Angelo a.k.a shagy" <shagy@rocketmail.com>
To: freebsd-security@FreeBSD.ORG
Subject: Re: stunnel, outlook express and qpopper
Message-ID: <20001110134230.29329.qmail@web2904.mail.yahoo.com>

> On Fri, Nov 10, 2000 at 12:55:26AM -0800, Angelo a.k.a shagy wrote:
> > Greetings, I'm trying to wrap pop3 with stunnel (ssl)
> > I'm using FreeBSD 3.4
> > stunnel 3.4a (from the ports)
> > qpopper 3.1
> >
> > I start qpopper with the following options
> > "qpopper 192.168.5.1:110 -S"
> >
> > Then stunnel starts up like so
> > "stunnel -d pop3s -r 192.168.5.1:pop3"
> >
> > When trying to access mail through outlook express I
> > get the following message.
> > "The server you are connected to is using a security
> > certificate that does not match its internet address.
> > Do you want to continue using this server?"
> >
> > I've read that IE and Netscape have a hard coded list
> > of Certificate Authorities. And you can get this
> > message if you haven't had your server certificate
> > signed by a CA such as verisign. Is this an absolute
> > truth *or* is there a way around this? Or am I just
> > way off?!
> >
> > Any help would be appreciated
>
> A self-signed certificate worked fine for me back when I used to run a
> similar setup (UW-IMAP and POP3, stunnel, and MS OE). How did you make
> your cert?
> --

Hi, here is how I created the certificate....

First I generated the unencrypted server key
"openssl genrsa -out server.key 1024"

Then I created a server certificate request with the unencrypted key
"openssl req -new -days 365 -key server.key -out newreq.pem"

Created my own Certificate Authority and self-signed.
(I used CA.pl to do this)
"perl CA.pl -newca" #made a certificate authority
"perl CA.pl -sign" #self-signed the request
#(I got a file named "newcert.pem" as a result)

Then I generated a dh file for stunnel
"openssl gendh -out dh 1024"

Put it all together like so
"cat server.key newcert.pem dh > stunnel.pem"

I also removed non-operational text from stunnel.pem.....the end result
was similar to this.

---BEGIN RSA PRIVATE KEY---
[encoded key]
---END RSA PRIVATE KEY---
[empty line here]
---BEGIN CERTIFICATE---
[encoded certificate]
---END CERTIFICATE---
[empty line here]
---BEGIN DH PARAMETERS---
[encoded key]
---END DH PARAMETERS---

Everything seems to be working fine except for the message that I get from
outlook.

Thanks,
Ang
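
Added example, not part of the original message: a Python check that a combined stunnel.pem follows the layout described above (private key, certificate, DH parameters, an empty line between blocks, no text outside the blocks). It assumes the standard five-dash PEM markers; check_bundle, _block and the sample bundles are constructed for illustration.

```python
import re

# Block order the message describes for stunnel.pem.
EXPECTED = ["RSA PRIVATE KEY", "CERTIFICATE", "DH PARAMETERS"]
MARKER = re.compile(r"^-----(BEGIN|END) ([A-Z0-9 ]+)-----$")

def check_bundle(text):
    """Return a list of layout problems found in a combined PEM file."""
    problems, order, current = [], [], None
    lines = text.splitlines()
    for num, line in enumerate(lines, 1):
        m = MARKER.match(line.strip())
        if m and m.group(1) == "BEGIN":
            if current:
                problems.append(f"line {num}: BEGIN inside unterminated {current}")
            elif order and lines[num - 2].strip():
                problems.append(f"line {num}: no empty line before {m.group(2)}")
            current = m.group(2)
            order.append(current)
        elif m:  # END marker
            if m.group(2) != current:
                problems.append(f"line {num}: END {m.group(2)} without matching BEGIN")
            current = None
        elif current is None and line.strip():
            # The kind of non-operational text the message says was removed.
            problems.append(f"line {num}: text outside any PEM block")
    if current:
        problems.append(f"unterminated block: {current}")
    if order != EXPECTED:
        problems.append(f"block order is {order}, expected {EXPECTED}")
    return problems

def _block(label, body="AAAA"):
    # Constructed placeholder body, not real key material.
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

# Constructed samples: a clean bundle, and one with leftover text and no DH block.
GOOD = "\n".join(_block(label) for label in EXPECTED)
BAD = _block("RSA PRIVATE KEY") + "Certificate:\n    Data:\n" + _block("CERTIFICATE")

if __name__ == "__main__":
    for name, sample in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_bundle(sample) or "layout ok")
```

The check covers file layout only; it does not parse the certificate, so it says nothing about whether the certificate's name matches the address the mail client connects to.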