Differences between revisions 21 and 22
Revision 21 as of 2008-05-14 11:46:25
Size: 2546
Editor: pallotron
Comment:
Revision 22 as of 2008-05-14 11:57:47
Size: 2848
Editor: pallotron
Comment:
Deletions are marked like this. Additions are marked like this.
Line 66: Line 66:
Use the following options in your .msmtprc
Like fetchmail download CA e convert certificate in PEM format:
Line 69: Line 68:
tls on}}} mkdir -p ~/.ssl/certs
}}}
Line 71: Line 71:
 tls_trust_file /home/you/yourcafile }}} cd ~/.ssl/certs}}}
{{{
wget http://www.dyne.org/ca-freaknetdyne.cer
}}}
{{{
openssl x509 -in ca-freaknetdyne.cer -out freaknetdynemsmtp.pem}}}
Use the following options in your .msmtprc{{{
tls on
tls_certcheck on
tls_starttls on
tls_trust_file /home/youruser/.ssl/certs/freaknetmailmsmtp.pem
}}}

Introduction

If you want to be paranoid about our SSL configuration you need to trust our CA, we are moving all our certificates under a general CA, so if you trust the CA you will automatically trust all the certificates signed by that.

(probably we can add some screenshot to this configuration)

DUE TO A VERY SERIOUS BUG, WE UPDATED OUR CA ON May 14th 2008, PLEASE CHECK THE NEW FINGERPRINT

The x509 file is [http://www.dyne.org/ca-freaknetdyne.cer HERE] (click to download) Verify its integrity:

$ sha1sum ca-freaknetdyne.cer
37cbba931993b48711080961c6ec931f9d0645fd  ca-freaknetdyne.cer
$ md5sum ca-freaknetdyne.cer
110dfe3379bba6206e6606bf0cd3f584  ca-freaknetdyne.cer

The SHA1 fingerprint of our CA released on May 14th 2008 is: FB:06:B7:E7:11:AE:BB:2E:E3:F6:78:9D:F2:70:D4:E3:78:40:15:6F

Firefox setup

If you use Firefox or IE click [http://www.dyne.org/ca-freaknetdyne.crt HERE] and trust everything

it will import the certificate automatically, OR

Download freaknetca.cert clicking on this [http://www.dyne.org/ca-freaknetdyne.cer link]

Edit -> Preferences -> Advanced

choose 'Security' tab and then 'View Certificates' -> Authorities -> Import

Then import freaknetca.cer

Thunderbird setup

Download freaknetca.cert clicking on this [http://www.dyne.org/ca-freaknetdyne.cer link]

Edit -> Preferences -> Privacy

choose 'Security' tab and then 'View Certificates' -> Authorities -> Import

Then import freaknetca.cer

Fetchmail setup

See the instructions on http://www.math.princeton.edu/~wwong/blog/blog200603021830.shtml Or Just do:

mkdir -p ~/.ssl/certs

cd ~/.ssl/certs

wget http://www.dyne.org/ca-freaknetdyne.cer

openssl x509 -in ca-freaknetdyne.cer  -addtrust clientAuth -addtrust emailProtection -addtrust serverAuth -out freaknetdyne.pem

c_rehash ~/.ssl/certs

Finally add sslcertck sslcertpath '/home/youruser/.ssl/certs' at the end of you poll line in your .fetchmailrc

for example:

poll mail.freaknet.org timeout 90 with proto IMAP
user youruser@freaknet.org with password yourpass, is youruser here sslcertck sslcertpath /home/youruser/.ssl/certs
mda "/usr/bin/procmail -f %F -d %T";

msmtp setup

Like fetchmail download CA e convert certificate in PEM format:

mkdir -p ~/.ssl/certs

cd ~/.ssl/certs

wget http://www.dyne.org/ca-freaknetdyne.cer

openssl x509 -in ca-freaknetdyne.cer -out freaknetdynemsmtp.pem

Use the following options in your .msmtprc

tls on
tls_certcheck on
tls_starttls on
tls_trust_file /home/youruser/.ssl/certs/freaknetmailmsmtp.pem

mutt setup

Use the *certificate_file* variable in your .muttrc, using the path of the .cer file as value

HowToUseOurCA (last edited 2008-06-26 09:54:12 by anonymous)