Differences between revisions 10 and 12 (spanning 2 versions)
Revision 10 as of 2008-05-14 11:19:49
Size: 1873
Editor: alpt
Comment: aggiunti checksum del cert
Revision 12 as of 2008-05-14 11:31:28
Size: 2185
Editor: alpt
Comment:
Deletions are marked like this. Additions are marked like this.
Line 46: Line 46:
Or Just do:
{{{
mkdir -p ~/.ssl/certs
wget http://www.dyne.org/ca-freaknetdyne.cer
openssl x509 -in ca-freaknetdyne.cer -addtrust clientAuth -addtrust emailProtection -addtrust serverAuth -out freaknetdyne.pem
c_rehash ./
#Finally add
# sslcertck sslcertpath ~/.ssl/certs
#in your .fetchmailrc
}}}

Introduction

If you want to be paranoid about our SSL configuration you need to trust our CA, we are moving all our certificates under a general CA, so if you trust the CA you will automatically trust all the certificates signed by that.

(probably we can add some screenshot to this configuration)

DUE TO A VERY SERIOUS BUG, WE UPDATED OUR CA ON May 14th 2008, PLEASE CHECK THE NEW FINGERPRINT

The x509 file is [http://www.dyne.org/ca-freaknetdyne.cer HERE] (click to download) Verify its integrity:

$ sha1sum ca-freaknetdyne.cer 
37cbba931993b48711080961c6ec931f9d0645fd  ca-freaknetdyne.cer
$ md5sum ca-freaknetdyne.cer
110dfe3379bba6206e6606bf0cd3f584  ca-freaknetdyne.cer

The SHA1 fingerprint of our CA released on May 14th 2008 is: FB:06:B7:E7:11:AE:BB:2E:E3:F6:78:9D:F2:70:D4:E3:78:40:15:6F

Firefox setup

If you use Firefox or IE click [http://www.dyne.org/ca-freaknetdyne.crt HERE] and trust everything

it will import the certificate automatically, OR

Download freaknetca.cert clicking on this [http://www.dyne.org/ca-freaknetdyne.cer link]

Edit -> Preferences -> Advanced

choose 'Security' tab and then 'View Certificates' -> Authorities -> Import

Then import freaknetca.cer

Thunderbird setup

Download freaknetca.cert clicking on this [http://www.dyne.org/ca-freaknetdyne.cer link]

Edit -> Preferences -> Privacy

choose 'Security' tab and then 'View Certificates' -> Authorities -> Import

Then import freaknetca.cer

Fetchmail setup

See the instructions on http://www.math.princeton.edu/~wwong/blog/blog200603021830.shtml Or Just do:

mkdir -p ~/.ssl/certs
wget http://www.dyne.org/ca-freaknetdyne.cer
openssl x509 -in ca-freaknetdyne.cer  -addtrust clientAuth -addtrust emailProtection -addtrust serverAuth -out freaknetdyne.pem
c_rehash ./
#Finally add 
#   sslcertck sslcertpath ~/.ssl/certs
#in your .fetchmailrc

msmtp setup

Use the following options in your .msmtprc

tls on tls_trust_file /home/you/yourcafile

mutt setup

Use the *certificate_file* variable in your .muttrc, using the path of the .cer file as value

HowToUseOurCA (last edited 2008-06-26 09:54:12 by anonymous)