Differences between revisions 1 and 17 (spanning 16 versions)
Revision 1 as of 2007-02-05 18:43:00
Size: 748
Editor: nightolo
Comment:
Revision 17 as of 2008-05-14 11:44:30
Size: 2487
Editor: pallotron
Comment:
Deletions are marked like this. Additions are marked like this.
Line 4: Line 4:
First of all, download freaknetca.cert clicking on this [http://www.dyne.org/ca-freaknetdyne.cer link] (probably we can add some screenshot to this configuration)
Line 6: Line 6:
(probably we can add some screenshot to this configuration) '''DUE TO A VERY SERIOUS BUG, WE UPDATED OUR CA ON May 14th 2008, PLEASE CHECK THE NEW FINGERPRINT'''

The x509 file is [http://www.dyne.org/ca-freaknetdyne.cer HERE] (click to download) Verify its integrity:

{{{
$ sha1sum ca-freaknetdyne.cer
37cbba931993b48711080961c6ec931f9d0645fd ca-freaknetdyne.cer
$ md5sum ca-freaknetdyne.cer
110dfe3379bba6206e6606bf0cd3f584 ca-freaknetdyne.cer
}}}
The SHA1 fingerprint of our CA released on May 14th 2008 is: '''FB:06:B7:E7:11:AE:BB:2E:E3:F6:78:9D:F2:70:D4:E3:78:40:15:6F'''
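Review bot: the added integrity block gives two different SHA-1 values, the `sha1sum` output and the "SHA1 fingerprint" line, without saying what each one covers or how a reader can reproduce the second. Suggest stating that the first is the hash of the downloaded file and the second is the certificate fingerprint, and adding the command that prints it, for example `openssl x509 -in ca-freaknetdyne.cer -noout -fingerprint -sha1`. The download link in this hunk is plain `http://`, so it is also worth saying where the fingerprint can be confirmed over a separate channel.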
Line 8: Line 19:
If you use Firefox or IE click [http://www.dyne.org/ca-freaknetdyne.crt HERE] and trust ''everything''

it will import the certificate automatically, '''OR'''

Download freaknetca.cert clicking on this [http://www.dyne.org/ca-freaknetdyne.cer link]
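Review bot: the one-click path added for Firefox or IE never sends the reader back to the fingerprint published earlier on the page, and "trust ''everything''" asks for every trust purpose although the page only sets up web and mail clients. Suggest telling the reader to compare the fingerprint shown in the import dialog with the published one before accepting, and to enable only the purposes they need. The link in this line ends in `.crt` while the other links use `.cer`; a word on the difference would help.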
Line 15: Line 32:
Download freaknetca.cert clicking on this [http://www.dyne.org/ca-freaknetdyne.cer link]
Line 21: Line 39:

== Fetchmail setup ==
See the instructions on http://www.math.princeton.edu/~wwong/blog/blog200603021830.shtml Or Just do:

{{{
mkdir -p ~/.ssl/certs
}}}
{{{
wget http://www.dyne.org/ca-freaknetdyne.cer
}}}
{{{
openssl x509 -in ca-freaknetdyne.cer -addtrust clientAuth -addtrust emailProtection -addtrust serverAuth -out freaknetdyne.pem
}}}
{{{
c_rehash ~/.ssl/certs
}}}
Finally add '' sslcertck sslcertpath '/home/youruser/.ssl/certs''' at the end of you poll line in your .fetchmailrc

for example:

{{{
poll mail.freaknet.org timeout 90 with proto IMAP
user youruser@freaknet.org with password yourpass, is youruser here sslcertck sslcertpath /home/youruser/.ssl/certs
mda "/usr/bin/procmail -f %F -d %T";}}}
== msmtp setup ==
Use the following options in your .msmtprc

tls on tls_trust_file /home/you/yourcafile

== mutt setup ==
Use the *certificate_file* variable in your .muttrc, using the path of the .cer file as value
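
Review bot: in the Fetchmail steps, `-out freaknetdyne.pem` writes the trusted certificate into the current directory, while `c_rehash ~/.ssl/certs` and `sslcertpath` both point at `~/.ssl/certs`, so the CA only ends up where fetchmail looks if the commands happen to be run from that directory. Suggest `-out ~/.ssl/certs/freaknetdyne.pem`. Smaller points in the same hunk: "you poll line" should read "your poll line", the quoting around `'/home/youruser/.ssl/certs` is unbalanced, and in the msmtp section `tls on` and `tls_trust_file` sit on one line outside a `{{{ }}}` block although msmtp expects one command per line.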

Introduction

If you want to be paranoid about our SSL configuration, you need to trust our CA. We are moving all our certificates under a general CA, so if you trust the CA you will automatically trust all the certificates signed by it.

(probably we can add some screenshot to this configuration)

DUE TO A VERY SERIOUS BUG, WE UPDATED OUR CA ON May 14th 2008, PLEASE CHECK THE NEW FINGERPRINT

The x509 file is [http://www.dyne.org/ca-freaknetdyne.cer HERE] (click to download). Verify its integrity:

{{{
$ sha1sum ca-freaknetdyne.cer
37cbba931993b48711080961c6ec931f9d0645fd  ca-freaknetdyne.cer
$ md5sum ca-freaknetdyne.cer
110dfe3379bba6206e6606bf0cd3f584  ca-freaknetdyne.cer
}}}

The SHA1 fingerprint of our CA released on May 14th 2008 is: FB:06:B7:E7:11:AE:BB:2E:E3:F6:78:9D:F2:70:D4:E3:78:40:15:6F
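
The page lists two different SHA-1 values: `sha1sum` hashes the file as stored, while a certificate fingerprint is the hash of the certificate's DER encoding. The following is an added example, not part of the original page, that computes both and compares the fingerprint with the published value. It assumes the `.cer` file is PEM-encoded (the `openssl x509 -in` command on this page reads it without `-inform DER`); `SAMPLE_PEM` is a constructed stand-in, not the real CA, and the function names are hypothetical.

```python
import base64
import hashlib
import hmac
import re

# SHA-1 fingerprint published on this page for the CA released on May 14th 2008.
PUBLISHED_CA_SHA1 = "FB:06:B7:E7:11:AE:BB:2E:E3:F6:78:9D:F2:70:D4:E3:78:40:15:6F"

# Constructed stand-in, NOT the real CA: the base64 body decodes to b"abc".
SAMPLE_PEM = b"-----BEGIN CERTIFICATE-----\nYWJj\n-----END CERTIFICATE-----\n"

PEM_RE = re.compile(rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def cert_der(data: bytes) -> bytes:
    """Return the DER bytes of a certificate supplied as PEM or as raw DER."""
    m = PEM_RE.search(data)
    if m is None:
        return data  # no PEM armour found: treat the input as DER already
    return base64.b64decode(b"".join(m.group(1).split()), validate=True)


def file_sha1(data: bytes) -> str:
    """What `sha1sum file` prints: a hash of the file bytes exactly as stored."""
    return hashlib.sha1(data).hexdigest()


def fingerprint(data: bytes) -> str:
    """What a certificate viewer shows: SHA-1 of the DER encoding, colon-separated."""
    h = hashlib.sha1(cert_der(data)).hexdigest().upper()
    return ":".join(h[i:i + 2] for i in range(0, len(h), 2))


def matches(data: bytes, published: str) -> bool:
    """Compare against a published fingerprint, ignoring colons, spaces and case."""
    def norm(fp: str) -> str:
        return re.sub(r"[^0-9a-fA-F]", "", fp).lower()
    return hmac.compare_digest(norm(fingerprint(data)), norm(published))


if __name__ == "__main__":
    print("file hash  :", file_sha1(SAMPLE_PEM))
    print("fingerprint:", fingerprint(SAMPLE_PEM))
    print("matches published CA value:", matches(SAMPLE_PEM, PUBLISHED_CA_SHA1))
```

To check the real download, pass the bytes of `ca-freaknetdyne.cer` to `matches()` together with `PUBLISHED_CA_SHA1` and import the file only if it returns `True`.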

Firefox setup

If you use Firefox or IE, click [http://www.dyne.org/ca-freaknetdyne.crt HERE] and trust everything; it will import the certificate automatically, OR

Download freaknetca.cert by clicking on this [http://www.dyne.org/ca-freaknetdyne.cer link]

Edit -> Preferences -> Advanced

choose 'Security' tab and then 'View Certificates' -> Authorities -> Import

Then import freaknetca.cer

Thunderbird setup

Download freaknetca.cert by clicking on this [http://www.dyne.org/ca-freaknetdyne.cer link]

Edit -> Preferences -> Privacy

choose 'Security' tab and then 'View Certificates' -> Authorities -> Import

Then import freaknetca.cer

Fetchmail setup

See the instructions at http://www.math.princeton.edu/~wwong/blog/blog200603021830.shtml or just do:

{{{
# directory that fetchmail will use as its trusted-CA path
mkdir -p ~/.ssl/certs
wget http://www.dyne.org/ca-freaknetdyne.cer
# write the trusted PEM into the directory that c_rehash indexes
openssl x509 -in ca-freaknetdyne.cer -addtrust clientAuth -addtrust emailProtection -addtrust serverAuth -out ~/.ssl/certs/freaknetdyne.pem
c_rehash ~/.ssl/certs
}}}

Finally, add sslcertck sslcertpath /home/youruser/.ssl/certs at the end of your poll line in your .fetchmailrc

For example:

{{{
poll mail.freaknet.org timeout 90 with proto IMAP
user youruser@freaknet.org with password yourpass, is youruser here sslcertck sslcertpath /home/youruser/.ssl/certs
mda "/usr/bin/procmail -f %F -d %T";
}}}

msmtp setup

Use the following options in your .msmtprc:

{{{
tls on
tls_trust_file /home/you/yourcafile
}}}

mutt setup

Use the *certificate_file* variable in your .muttrc, using the path of the .cer file as value

HowToUseOurCA (last edited 2008-06-26 09:54:12 by anonymous)