Differences between revisions 2 and 26 (spanning 24 versions)
Revision 2 as of 2007-02-05 19:28:11
Size: 887
Editor: nightolo
Comment:
Revision 26 as of 2008-06-26 09:54:12
Size: 2868
Editor: anonymous
Comment: converted to 1.6 markup
Line 4: Line 4:
First of all, download freaknetca.cert clicking on this [http://www.dyne.org/ca-freaknetdyne.cer link] (probably we can add some screenshot to this configuration)
Line 6: Line 6:
(probably we can add some screenshot to this configuration) '''DUE TO A VERY SERIOUS BUG, WE UPDATED OUR CA ON May 14th 2008, PLEASE CHECK THE NEW FINGERPRINT'''

The x509 file is [[http://www.dyne.org/ca-freaknetdyne.cer|HERE]] (click to download) Verify its integrity:

{{{
$ sha1sum ca-freaknetdyne.cer
37cbba931993b48711080961c6ec931f9d0645fd ca-freaknetdyne.cer
$ md5sum ca-freaknetdyne.cer
110dfe3379bba6206e6606bf0cd3f584 ca-freaknetdyne.cer
}}}
The SHA1 fingerprint of our CA released on May 14th 2008 is: '''FB:06:B7:E7:11:AE:BB:2E:E3:F6:78:9D:F2:70:D4:E3:78:40:15:6F'''
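Review bot: The added fingerprint line gives readers no way to reproduce it. `sha1sum ca-freaknetdyne.cer` hashes the file as stored, which is not the certificate fingerprint; the two SHA1 values published in this hunk already differ. Put the command that prints the fingerprint next to the published value, for example `openssl x509 -noout -fingerprint -sha1 -in ca-freaknetdyne.cer`. The notice about the May 14th 2008 update should also say whether the previous CA certificate has to be removed from clients that already imported it.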
Line 8: Line 19:
If you use Firefox or IE click [http://www.dyne.org/ca-freaknetdyne.crt HERE] If you use Firefox or IE click [[http://www.dyne.org/ca-freaknetdyne.crt|HERE]] and trust ''everything''
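Review bot: The one-click link on the added side points to `ca-freaknetdyne.crt`, while the checksums published above are for `ca-freaknetdyne.cer`, so a reader following this line cannot use them. Since the line now says to trust ''everything'', add a step to compare the SHA1 fingerprint of the certificate being imported with the published one before confirming the import.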
Line 11: Line 22:

Download freaknetca.cert clicking on this [[http://www.dyne.org/ca-freaknetdyne.cer|link]]
Line 19: Line 32:
Download freaknetca.cert clicking on this [[http://www.dyne.org/ca-freaknetdyne.cer|link]]
Line 25: Line 39:

== Fetchmail setup ==
See the instructions on http://www.math.princeton.edu/~wwong/blog/blog200603021830.shtml Or Just do:

{{{
mkdir -p ~/.ssl/certs
}}}
{{{
cd ~/.ssl/certs}}}
{{{
wget http://www.dyne.org/ca-freaknetdyne.cer
}}}
{{{
openssl x509 -in ca-freaknetdyne.cer -addtrust clientAuth -addtrust emailProtection -addtrust serverAuth -out freaknetdyne.pem
}}}
{{{
c_rehash ~/.ssl/certs
}}}
Finally add '' sslcertck sslcertpath '/home/youruser/.ssl/certs'''' '''''at the end of you poll line in your .fetchmailrc

for example:

{{{
poll mail.freaknet.org timeout 90 with proto IMAP
user youruser@freaknet.org with password yourpass, is youruser here sslcertck sslcertpath /home/youruser/.ssl/certs
mda "/usr/bin/procmail -f %F -d %T";}}}
== msmtp setup ==
Like fetchmail you have to download the CA cert and convert it in PEM format:

{{{
mkdir -p ~/.ssl/certs
}}}
{{{
cd ~/.ssl/certs}}}
{{{
wget http://www.dyne.org/ca-freaknetdyne.cer
}}}
{{{
openssl x509 -in ca-freaknetdyne.cer -out freaknetdynemsmtp.pem}}}
Then use the following options in your .msmtprc

{{{
tls on
tls_certcheck on
tls_starttls on
tls_trust_file /home/youruser/.ssl/certs/freaknetdynemsmtp.pem}}}
== mutt setup ==
Use the *certificate_file* variable in your .muttrc, using the path of the .cer file as value
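Review bot: In both the Fetchmail and msmtp command sequences, `wget http://www.dyne.org/ca-freaknetdyne.cer` is followed directly by the `openssl x509 ... -out` conversion (and by `c_rehash` for fetchmail) with no verification in between, so whatever arrives over plain HTTP becomes the trust anchor. Insert the fingerprint check from the integrity section between the download and the conversion. Smaller points: "at the end of you poll line" should read "your"; the sslcertpath value is quoted in the sentence but unquoted in the example, and the quote markup around that sentence is unbalanced; `*certificate_file*` in the mutt section is not emphasis markup in this wiki syntax and will render with literal asterisks.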

Introduction

If you want to be paranoid about our SSL configuration, you need to trust our CA. We are moving all our certificates under a general CA, so if you trust the CA you will automatically trust all the certificates signed by it.

(probably we can add some screenshots to this configuration)

DUE TO A VERY SERIOUS BUG, WE UPDATED OUR CA ON May 14th 2008, PLEASE CHECK THE NEW FINGERPRINT

The x509 file is at http://www.dyne.org/ca-freaknetdyne.cer (click to download). Verify its integrity:

$ sha1sum ca-freaknetdyne.cer
37cbba931993b48711080961c6ec931f9d0645fd  ca-freaknetdyne.cer
$ md5sum ca-freaknetdyne.cer
110dfe3379bba6206e6606bf0cd3f584  ca-freaknetdyne.cer

The SHA1 fingerprint of our CA released on May 14th 2008 is: FB:06:B7:E7:11:AE:BB:2E:E3:F6:78:9D:F2:70:D4:E3:78:40:15:6F
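
The published fingerprint can be checked before the file goes into any trust directory. The script below is an added example, not part of the original wiki page; it uses only coreutils, and the function names and the `PINNED_FP` variable are assumptions made here. `openssl x509 -noout -fingerprint -sha1 -in FILE` reports the same value.

```shell
#!/bin/sh
# Added example (not from the wiki page): verify a CA file against the
# published SHA-1 fingerprint before copying it into a trust directory.
# Function and variable names are illustrative.

# Fingerprint published on this page for the CA released on May 14th 2008.
PINNED_FP='FB:06:B7:E7:11:AE:BB:2E:E3:F6:78:9D:F2:70:D4:E3:78:40:15:6F'

# Print the SHA-1 fingerprint (uppercase hex, no colons) of the first
# certificate in FILE. The fingerprint is the hash of the DER encoding, so
# a PEM file is base64-decoded first; sha1sum of the PEM text differs.
cert_sha1_fp() {
    if grep -q -e '-----BEGIN CERTIFICATE-----' "$1"; then
        sed -n -e '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' \
               -e '/-----END CERTIFICATE-----/q' "$1" \
            | grep -v -e '-----' | tr -d '\r' | base64 -d
    else
        cat "$1"    # no PEM armour: treat the file as raw DER
    fi | sha1sum | cut -d' ' -f1 | tr 'a-f' 'A-F'
}

# Succeed only if FILE's fingerprint equals EXPECTED; colons, spaces and
# letter case in EXPECTED are ignored.
fp_matches() {
    _want=$(printf '%s' "$2" | tr -d ': ' | tr 'a-f' 'A-F')
    [ "$(cert_sha1_fp "$1")" = "$_want" ]
}

# install_ca FILE EXPECTED_FP DIR: copy FILE into DIR only after the check
# passes, so an altered download never reaches the trust directory.
install_ca() {
    if ! fp_matches "$1" "$2"; then
        echo "fingerprint mismatch for $1, not installing" >&2
        return 1
    fi
    mkdir -p "$3" && cp "$1" "$3/"
}

# Usage, after downloading the file:
#   install_ca ca-freaknetdyne.cer "$PINNED_FP" "$HOME/.ssl/certs"
```

Once the check passes, continue with the `openssl x509` conversion and `c_rehash` steps given in the Fetchmail and msmtp sections.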

Firefox setup

If you use Firefox or IE, open http://www.dyne.org/ca-freaknetdyne.crt and trust everything; it will import the certificate automatically.

OR

Download freaknetca.cert from http://www.dyne.org/ca-freaknetdyne.cer

Edit -> Preferences -> Advanced

choose 'Security' tab and then 'View Certificates' -> Authorities -> Import

Then import freaknetca.cer

Thunderbird setup

Download freaknetca.cert from http://www.dyne.org/ca-freaknetdyne.cer

Edit -> Preferences -> Privacy

choose 'Security' tab and then 'View Certificates' -> Authorities -> Import

Then import freaknetca.cer

Fetchmail setup

See the instructions at http://www.math.princeton.edu/~wwong/blog/blog200603021830.shtml or just do:

mkdir -p ~/.ssl/certs

cd ~/.ssl/certs

wget http://www.dyne.org/ca-freaknetdyne.cer

openssl x509 -in ca-freaknetdyne.cer  -addtrust clientAuth -addtrust emailProtection -addtrust serverAuth -out freaknetdyne.pem

c_rehash ~/.ssl/certs

Finally, add sslcertck sslcertpath '/home/youruser/.ssl/certs' at the end of your poll line in your .fetchmailrc

For example:

poll mail.freaknet.org timeout 90 with proto IMAP
user youruser@freaknet.org with password yourpass, is youruser here sslcertck sslcertpath /home/youruser/.ssl/certs
mda "/usr/bin/procmail -f %F -d %T";

msmtp setup

As with fetchmail, you have to download the CA cert and convert it to PEM format:

mkdir -p ~/.ssl/certs

cd ~/.ssl/certs

wget http://www.dyne.org/ca-freaknetdyne.cer

openssl x509 -in ca-freaknetdyne.cer -out freaknetdynemsmtp.pem

Then use the following options in your .msmtprc:

tls on
tls_certcheck on
tls_starttls on
tls_trust_file /home/youruser/.ssl/certs/freaknetdynemsmtp.pem

mutt setup

Set the certificate_file variable in your .muttrc to the path of the .cer file.

HowToUseOurCA (last edited 2008-06-26 09:54:12 by anonymous)