1108
Comment:
|
2504
|
Deletions are marked like this. | Additions are marked like this. |
Line 5: | Line 5: |
'''DUE TO A VERY SERIOUS BUG, WE UPDATED OUR CA ON May 14th 2008, PLEASE CHECK THE NEW FINGERPRINT''' The x509 file is [http://www.dyne.org/ca-freaknetdyne.cer HERE] (click to download) Verify its integrity: {{{ $ sha1sum ca-freaknetdyne.cer 37cbba931993b48711080961c6ec931f9d0645fd ca-freaknetdyne.cer $ md5sum ca-freaknetdyne.cer 110dfe3379bba6206e6606bf0cd3f584 ca-freaknetdyne.cer }}} The SHA1 fingerprint of our CA released on May 14th 2008 is: '''FB:06:B7:E7:11:AE:BB:2E:E3:F6:78:9D:F2:70:D4:E3:78:40:15:6F''' |
|
Line 7: | Line 20: |
Line 19: | Line 32: |
Line 29: | Line 41: |
See the instructions on http://www.math.princeton.edu/~wwong/blog/blog200603021830.shtml Or Just do: | |
Line 30: | Line 43: |
See the instructions on http://www.math.princeton.edu/~wwong/blog/blog200603021830.shtml | {{{ mkdir -p ~/.ssl/certs }}} {{{ wget http://www.dyne.org/ca-freaknetdyne.cer }}} {{{ openssl x509 -in ca-freaknetdyne.cer -addtrust clientAuth -addtrust emailProtection -addtrust serverAuth -out freaknetdyne.pem }}} {{{ c_rehash ~/.ssl/certs }}} Finally add '' sslcertck sslcertpath '/home/youruser/.ssl/certs''' at the end of you poll line in your .fetchmailrc ''''' '''''for example: ''''' {{{ poll mail.freaknet.org timeout 90 with proto IMAP user youruser@freaknet.org with password yourpass, is youruser here sslcertck sslcertpath /home/youruser/.ssl/certs mda "/usr/bin/procmail -f %F -d %T";}}} == msmtp setup == Use the following options in your .msmtprc tls on tls_trust_file /home/you/yourcafile == mutt setup == Use the *certificate_file* variable in your .muttrc, using the path of the .cer file as value |
Introduction
If you want to be paranoid about our SSL configuration you need to trust our CA, we are moving all our certificates under a general CA, so if you trust the CA you will automatically trust all the certificates signed by that.
(probably we can add some screenshot to this configuration)
DUE TO A VERY SERIOUS BUG, WE UPDATED OUR CA ON May 14th 2008, PLEASE CHECK THE NEW FINGERPRINT
The x509 file is [http://www.dyne.org/ca-freaknetdyne.cer HERE] (click to download) Verify its integrity:
$ sha1sum ca-freaknetdyne.cer 37cbba931993b48711080961c6ec931f9d0645fd ca-freaknetdyne.cer $ md5sum ca-freaknetdyne.cer 110dfe3379bba6206e6606bf0cd3f584 ca-freaknetdyne.cer
The SHA1 fingerprint of our CA released on May 14th 2008 is: FB:06:B7:E7:11:AE:BB:2E:E3:F6:78:9D:F2:70:D4:E3:78:40:15:6F
Firefox setup
If you use Firefox or IE click [http://www.dyne.org/ca-freaknetdyne.crt HERE] and trust everything
it will import the certificate automatically, OR
Download freaknetca.cert clicking on this [http://www.dyne.org/ca-freaknetdyne.cer link]
Edit -> Preferences -> Advanced
choose 'Security' tab and then 'View Certificates' -> Authorities -> Import
Then import freaknetca.cer
Thunderbird setup
Download freaknetca.cert clicking on this [http://www.dyne.org/ca-freaknetdyne.cer link]
Edit -> Preferences -> Privacy
choose 'Security' tab and then 'View Certificates' -> Authorities -> Import
Then import freaknetca.cer
Fetchmail setup
See the instructions on http://www.math.princeton.edu/~wwong/blog/blog200603021830.shtml Or Just do:
mkdir -p ~/.ssl/certs
wget http://www.dyne.org/ca-freaknetdyne.cer
openssl x509 -in ca-freaknetdyne.cer -addtrust clientAuth -addtrust emailProtection -addtrust serverAuth -out freaknetdyne.pem
c_rehash ~/.ssl/certs
Finally add sslcertck sslcertpath '/home/youruser/.ssl/certs at the end of you poll line in your .fetchmailrc
for example:
poll mail.freaknet.org timeout 90 with proto IMAP user youruser@freaknet.org with password yourpass, is youruser here sslcertck sslcertpath /home/youruser/.ssl/certs mda "/usr/bin/procmail -f %F -d %T";
msmtp setup
Use the following options in your .msmtprc
tls on tls_trust_file /home/you/yourcafile
mutt setup
Use the *certificate_file* variable in your .muttrc, using the path of the .cer file as value