Differences between revisions 18 and 19
Revision 18 as of 2008-05-14 11:44:51
Size: 2504
Editor: pallotron
Comment:
Revision 19 as of 2008-05-14 11:45:13
Size: 2504
Editor: pallotron
Comment:
Deletions are marked like this. Additions are marked like this.
Line 55: Line 55:
Finally add '' sslcertck sslcertpath '/home/youruser/.ssl/certs''' at the end of you poll line in your .fetchmailrc ''''' Finally add '' sslcertck sslcertpath '/home/youruser/.ssl/certs'''' '''''at the end of you poll line in your .fetchmailrc
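Review bot: the revised line still reads "at the end of you poll line" ("you" should be "your"), and the edit only shifts the quote markup: the path is now followed by a run of four quotes and then five, which does not pair up as emphasis. Since the single quotes around '/home/youruser/.ssl/certs' are literal fetchmail syntax, put the whole option string in a {{{...}}} code span so the wiki parser cannot consume them as formatting.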

Introduction

If you want to be paranoid about our SSL configuration, you need to trust our CA. We are moving all our certificates under a general CA, so if you trust the CA you will automatically trust all the certificates signed by it.

(probably we can add some screenshot to this configuration)

DUE TO A VERY SERIOUS BUG, WE UPDATED OUR CA ON May 14th 2008, PLEASE CHECK THE NEW FINGERPRINT

The x509 file is [http://www.dyne.org/ca-freaknetdyne.cer HERE] (click to download). Verify its integrity:

$ sha1sum ca-freaknetdyne.cer
37cbba931993b48711080961c6ec931f9d0645fd  ca-freaknetdyne.cer
$ md5sum ca-freaknetdyne.cer
110dfe3379bba6206e6606bf0cd3f584  ca-freaknetdyne.cer

The SHA1 fingerprint of our CA released on May 14th 2008 is: FB:06:B7:E7:11:AE:BB:2E:E3:F6:78:9D:F2:70:D4:E3:78:40:15:6F
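
The fingerprint check above, as an added Python example (not part of the original page): a certificate fingerprint is the SHA1 of the DER-encoded certificate, so for a PEM file it differs from the sha1sum of the file itself, and it is the value to compare before importing a CA fetched over plain HTTP. The function names and the sample bytes are assumptions made for this example.

```python
import base64
import hashlib
import hmac
import re
import sys

# SHA1 fingerprint this page publishes for the CA released on May 14th 2008.
PUBLISHED_SHA1 = "FB:06:B7:E7:11:AE:BB:2E:E3:F6:78:9D:F2:70:D4:E3:78:40:15:6F"

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.DOTALL
)

# Constructed stand-in for a certificate body (a tiny ASN.1 SEQUENCE, not a
# real certificate), so the example runs offline.
SAMPLE_DER = b"\x30\x03\x02\x01\x01"
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(SAMPLE_DER)
              + b"-----END CERTIFICATE-----\n")


def cert_der(data: bytes) -> bytes:
    """Return the DER bytes of a certificate supplied as PEM or as raw DER."""
    match = PEM_RE.search(data)
    if match:
        return base64.b64decode(b"".join(match.group(1).split()), validate=True)
    if data[:1] != b"\x30":  # every DER certificate starts with a SEQUENCE tag
        raise ValueError("input is neither a PEM nor a DER certificate")
    return data


def sha1_fingerprint(data: bytes) -> str:
    """SHA1 over the DER encoding, formatted AA:BB:... like the page's value."""
    digest = hashlib.sha1(cert_der(data)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def matches_published(data: bytes, published: str = PUBLISHED_SHA1) -> bool:
    """Compare fingerprints, ignoring case and separators in the expected one."""
    want = re.sub(r"[^0-9A-Fa-f]", "", published).upper()
    got = sha1_fingerprint(data).replace(":", "")
    return hmac.compare_digest(got, want)


if __name__ == "__main__":
    # Pass the downloaded ca-freaknetdyne.cer; without it the sample is used.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_PEM
    verdict = "matches" if matches_published(data) else "DOES NOT MATCH"
    print(sha1_fingerprint(data), verdict, "the published fingerprint")
```
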

Firefox setup

If you use Firefox or IE, click [http://www.dyne.org/ca-freaknetdyne.crt HERE] and trust everything; it will import the certificate automatically. Otherwise:

Download freaknetca.cert by clicking on this [http://www.dyne.org/ca-freaknetdyne.cer link]

Edit -> Preferences -> Advanced

Choose the 'Security' tab and then 'View Certificates' -> Authorities -> Import

Then import freaknetca.cer

Thunderbird setup

Download freaknetca.cert by clicking on this [http://www.dyne.org/ca-freaknetdyne.cer link]

Edit -> Preferences -> Privacy

Choose the 'Security' tab and then 'View Certificates' -> Authorities -> Import

Then import freaknetca.cer

Fetchmail setup

See the instructions on http://www.math.princeton.edu/~wwong/blog/blog200603021830.shtml or just do:

mkdir -p ~/.ssl/certs

wget http://www.dyne.org/ca-freaknetdyne.cer

openssl x509 -in ca-freaknetdyne.cer -addtrust clientAuth -addtrust emailProtection -addtrust serverAuth -out ~/.ssl/certs/freaknetdyne.pem

c_rehash ~/.ssl/certs

Finally, add sslcertck sslcertpath '/home/youruser/.ssl/certs' at the end of your poll line in your .fetchmailrc

for example:

poll mail.freaknet.org timeout 90 with proto IMAP
user youruser@freaknet.org with password yourpass, is youruser here sslcertck sslcertpath /home/youruser/.ssl/certs
mda "/usr/bin/procmail -f %F -d %T";

msmtp setup

Use the following options in your .msmtprc

tls on
tls_trust_file /home/you/yourcafile

mutt setup

Use the *certificate_file* variable in your .muttrc, using the path of the .cer file as value

HowToUseOurCA (last edited 2008-06-26 09:54:12 by anonymous)