1873
Comment: aggiunti checksum del cert
|
2458
|
Deletions are marked like this. | Additions are marked like this. |
Line 8: | Line 8: |
The x509 file is [http://www.dyne.org/ca-freaknetdyne.cer HERE] (click to download) Verify its integrity: |
The x509 file is [http://www.dyne.org/ca-freaknetdyne.cer HERE] (click to download) Verify its integrity: |
Line 11: | Line 11: |
$ sha1sum ca-freaknetdyne.cer | $ sha1sum ca-freaknetdyne.cer |
Line 16: | Line 16: |
The SHA1 fingerprint of our CA released on May 14th 2008 is: '''FB:06:B7:E7:11:AE:BB:2E:E3:F6:78:9D:F2:70:D4:E3:78:40:15:6F''' |
The SHA1 fingerprint of our CA released on May 14th 2008 is: '''FB:06:B7:E7:11:AE:BB:2E:E3:F6:78:9D:F2:70:D4:E3:78:40:15:6F''' |
Line 22: | Line 20: |
Line 34: | Line 32: |
Line 44: | Line 41: |
See the instructions on http://www.math.princeton.edu/~wwong/blog/blog200603021830.shtml Or Just do: | |
Line 45: | Line 43: |
See the instructions on http://www.math.princeton.edu/~wwong/blog/blog200603021830.shtml | {{{ mkdir -p ~/.ssl/certs wget http://www.dyne.org/ca-freaknetdyne.cer openssl x509 -in ca-freaknetdyne.cer -addtrust clientAuth -addtrust emailProtection -addtrust serverAuth -out freaknetdyne.pem c_rehash ~/.ssl/certs #Finally add # sslcertck sslcertpath '/home/youruser/.ssl/certs' # at the end of you poll line in your .fetchmailrc }}} for example: |
Line 47: | Line 54: |
{{{ poll mail.freaknet.org timeout 90 with proto IMAP user youruser@freaknet.org with password yourpass, is youruser here sslcertck sslcertpath /home/youruser/.ssl/certs mda "/usr/bin/procmail -f %F -d %T";}}} |
|
Line 50: | Line 61: |
tls on tls_trust_file /home/you/yourcafile |
tls on tls_trust_file /home/you/yourcafile |
Introduction
If you want to be paranoid about our SSL configuration you need to trust our CA, we are moving all our certificates under a general CA, so if you trust the CA you will automatically trust all the certificates signed by that.
(probably we can add some screenshot to this configuration)
DUE TO A VERY SERIOUS BUG, WE UPDATED OUR CA ON May 14th 2008, PLEASE CHECK THE NEW FINGERPRINT
The x509 file is [http://www.dyne.org/ca-freaknetdyne.cer HERE] (click to download) Verify its integrity:
$ sha1sum ca-freaknetdyne.cer 37cbba931993b48711080961c6ec931f9d0645fd ca-freaknetdyne.cer $ md5sum ca-freaknetdyne.cer 110dfe3379bba6206e6606bf0cd3f584 ca-freaknetdyne.cer
The SHA1 fingerprint of our CA released on May 14th 2008 is: FB:06:B7:E7:11:AE:BB:2E:E3:F6:78:9D:F2:70:D4:E3:78:40:15:6F
Firefox setup
If you use Firefox or IE click [http://www.dyne.org/ca-freaknetdyne.crt HERE] and trust everything
it will import the certificate automatically, OR
Download freaknetca.cert clicking on this [http://www.dyne.org/ca-freaknetdyne.cer link]
Edit -> Preferences -> Advanced
choose 'Security' tab and then 'View Certificates' -> Authorities -> Import
Then import freaknetca.cer
Thunderbird setup
Download freaknetca.cert clicking on this [http://www.dyne.org/ca-freaknetdyne.cer link]
Edit -> Preferences -> Privacy
choose 'Security' tab and then 'View Certificates' -> Authorities -> Import
Then import freaknetca.cer
Fetchmail setup
See the instructions on http://www.math.princeton.edu/~wwong/blog/blog200603021830.shtml Or Just do:
mkdir -p ~/.ssl/certs wget http://www.dyne.org/ca-freaknetdyne.cer openssl x509 -in ca-freaknetdyne.cer -addtrust clientAuth -addtrust emailProtection -addtrust serverAuth -out freaknetdyne.pem c_rehash ~/.ssl/certs #Finally add # sslcertck sslcertpath '/home/youruser/.ssl/certs' # at the end of you poll line in your .fetchmailrc
for example:
poll mail.freaknet.org timeout 90 with proto IMAP user youruser@freaknet.org with password yourpass, is youruser here sslcertck sslcertpath /home/youruser/.ssl/certs mda "/usr/bin/procmail -f %F -d %T";
msmtp setup
Use the following options in your .msmtprc
tls on tls_trust_file /home/you/yourcafile
mutt setup
Use the *certificate_file* variable in your .muttrc, using the path of the .cer file as value