Differences between revisions 6 and 18 (spanning 12 versions)
Revision 6 as of 2008-01-30 10:15:28
Size: 1520
Editor: nightolo
Comment:
Revision 18 as of 2008-05-14 11:44:51
Size: 2504
Editor: pallotron
Comment:
Deletions are marked like this. Additions are marked like this.
Line 6: Line 6:
The x509 file is [http://www.dyne.org/ca-freaknetdyne.cer HERE] (click to download)
The fingerprint of our CA is '''21:F5:8A:B2:A7:19:A9:2D:3D:73:6D:0A:F8:33:85:F8:F1:0C:9E:E8'''
'''DUE TO A VERY SERIOUS BUG, WE UPDATED OUR CA ON May 14th 2008, PLEASE CHECK THE NEW FINGERPRINT'''

The x509 file is [http://www.dyne.org/ca-freaknetdyne.cer HERE] (click to download) Verify its integrity:

{{{
$ sha1sum ca-freaknetdyne.cer
37cbba931993b48711080961c6ec931f9d0645fd ca-freaknetdyne.cer
$ md5sum ca-freaknetdyne.cer
110dfe3379bba6206e6606bf0cd3f584 ca-freaknetdyne.cer
}}}
The SHA1 fingerprint of our CA released on May 14th 2008 is: '''FB:06:B7:E7:11:AE:BB:2E:E3:F6:78:9D:F2:70:D4:E3:78:40:15:6F'''
Line 11: Line 20:
 
Line 23: Line 32:
Line 33: Line 41:
See the instructions on http://www.math.princeton.edu/~wwong/blog/blog200603021830.shtml Or Just do:
Line 34: Line 43:
See the instructions on http://www.math.princeton.edu/~wwong/blog/blog200603021830.shtml {{{
mkdir -p ~/.ssl/certs
}}}
{{{
wget http://www.dyne.org/ca-freaknetdyne.cer
}}}
{{{
openssl x509 -in ca-freaknetdyne.cer -addtrust clientAuth -addtrust emailProtection -addtrust serverAuth -out freaknetdyne.pem
}}}
{{{
c_rehash ~/.ssl/certs
}}}
Finally add '' sslcertck sslcertpath '/home/youruser/.ssl/certs''' at the end of you poll line in your .fetchmailrc '''''
Line 36: Line 57:
'''''for example: '''''

{{{
poll mail.freaknet.org timeout 90 with proto IMAP
user youruser@freaknet.org with password yourpass, is youruser here sslcertck sslcertpath /home/youruser/.ssl/certs
mda "/usr/bin/procmail -f %F -d %T";}}}
Line 39: Line 66:
tls on
tls_trust_file /home/you/yourcafile
tls on tls_trust_file /home/you/yourcafile

Introduction

If you want to be paranoid about our SSL configuration you need to trust our CA, we are moving all our certificates under a general CA, so if you trust the CA you will automatically trust all the certificates signed by that.

(probably we can add some screenshot to this configuration)

DUE TO A VERY SERIOUS BUG, WE UPDATED OUR CA ON May 14th 2008, PLEASE CHECK THE NEW FINGERPRINT

The x509 file is [http://www.dyne.org/ca-freaknetdyne.cer HERE] (click to download) Verify its integrity:

$ sha1sum ca-freaknetdyne.cer
37cbba931993b48711080961c6ec931f9d0645fd  ca-freaknetdyne.cer
$ md5sum ca-freaknetdyne.cer
110dfe3379bba6206e6606bf0cd3f584  ca-freaknetdyne.cer

The SHA1 fingerprint of our CA released on May 14th 2008 is: FB:06:B7:E7:11:AE:BB:2E:E3:F6:78:9D:F2:70:D4:E3:78:40:15:6F

Firefox setup

If you use Firefox or IE click [http://www.dyne.org/ca-freaknetdyne.crt HERE] and trust everything

it will import the certificate automatically, OR

Download freaknetca.cert clicking on this [http://www.dyne.org/ca-freaknetdyne.cer link]

Edit -> Preferences -> Advanced

choose 'Security' tab and then 'View Certificates' -> Authorities -> Import

Then import freaknetca.cer

Thunderbird setup

Download freaknetca.cert clicking on this [http://www.dyne.org/ca-freaknetdyne.cer link]

Edit -> Preferences -> Privacy

choose 'Security' tab and then 'View Certificates' -> Authorities -> Import

Then import freaknetca.cer

Fetchmail setup

See the instructions on http://www.math.princeton.edu/~wwong/blog/blog200603021830.shtml Or Just do:

mkdir -p ~/.ssl/certs

wget http://www.dyne.org/ca-freaknetdyne.cer

openssl x509 -in ca-freaknetdyne.cer  -addtrust clientAuth -addtrust emailProtection -addtrust serverAuth -out freaknetdyne.pem

c_rehash ~/.ssl/certs

Finally add sslcertck sslcertpath '/home/youruser/.ssl/certs at the end of you poll line in your .fetchmailrc

for example:

poll mail.freaknet.org timeout 90 with proto IMAP
user youruser@freaknet.org with password yourpass, is youruser here sslcertck sslcertpath /home/youruser/.ssl/certs
mda "/usr/bin/procmail -f %F -d %T";

msmtp setup

Use the following options in your .msmtprc

tls on tls_trust_file /home/you/yourcafile

mutt setup

Use the *certificate_file* variable in your .muttrc, using the path of the .cer file as value

HowToUseOurCA (last edited 2008-06-26 09:54:12 by anonymous)