Differences between revisions 6 and 26 (spanning 20 versions)
Revision 6 as of 2008-01-30 10:15:28
Size: 1520
Editor: nightolo
Comment:
Revision 26 as of 2008-06-26 09:54:12
Size: 2868
Editor: anonymous
Comment: converted to 1.6 markup
Line 6: Line 6:
The x509 file is [http://www.dyne.org/ca-freaknetdyne.cer HERE] (click to download)
The fingerprint of our CA is '''21:F5:8A:B2:A7:19:A9:2D:3D:73:6D:0A:F8:33:85:F8:F1:0C:9E:E8'''
'''DUE TO A VERY SERIOUS BUG, WE UPDATED OUR CA ON May 14th 2008, PLEASE CHECK THE NEW FINGERPRINT'''

The x509 file is [[http://www.dyne.org/ca-freaknetdyne.cer|HERE]] (click to download) Verify its integrity:

{{{
$ sha1sum ca-freaknetdyne.cer
37cbba931993b48711080961c6ec931f9d0645fd ca-freaknetdyne.cer
$ md5sum ca-freaknetdyne.cer
110dfe3379bba6206e6606bf0cd3f584 ca-freaknetdyne.cer
}}}
The SHA1 fingerprint of our CA released on May 14th 2008 is: '''FB:06:B7:E7:11:AE:BB:2E:E3:F6:78:9D:F2:70:D4:E3:78:40:15:6F'''
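Review bot: The notice added at the top of this hunk says the CA was replaced on May 14th 2008 because of a "very serious bug", but it never tells readers what to do with the old CA whose fingerprint line is dropped here. Add a sentence saying the old CA has to be removed from the browser, the mail client and ~/.ssl/certs, and name or link the bug. The new sha1sum/md5sum block hashes the downloaded file while the line after it is a certificate fingerprint, so say which command yields each value, for example `openssl x509 -noout -fingerprint -sha1 -in ca-freaknetdyne.cer` for the fingerprint.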
Line 10: Line 19:
If you use Firefox or IE click [http://www.dyne.org/ca-freaknetdyne.crt HERE] and trust ''everything''
 
If you use Firefox or IE click [[http://www.dyne.org/ca-freaknetdyne.crt|HERE]] and trust ''everything''
Line 14: Line 23:
Download freaknetca.cert clicking on this [http://www.dyne.org/ca-freaknetdyne.cer link] Download freaknetca.cert clicking on this [[http://www.dyne.org/ca-freaknetdyne.cer|link]]
Line 23: Line 32:

Download freaknetca.cert clicking on this [http://www.dyne.org/ca-freaknetdyne.cer link]
Download freaknetca.cert clicking on this [[http://www.dyne.org/ca-freaknetdyne.cer|link]]
Line 33: Line 41:
See the instructions on http://www.math.princeton.edu/~wwong/blog/blog200603021830.shtml Or Just do:
Line 34: Line 43:
See the instructions on http://www.math.princeton.edu/~wwong/blog/blog200603021830.shtml {{{
mkdir -p ~/.ssl/certs
}}}
{{{
cd ~/.ssl/certs}}}
{{{
wget http://www.dyne.org/ca-freaknetdyne.cer
}}}
{{{
openssl x509 -in ca-freaknetdyne.cer -addtrust clientAuth -addtrust emailProtection -addtrust serverAuth -out freaknetdyne.pem
}}}
{{{
c_rehash ~/.ssl/certs
}}}
Finally add '' sslcertck sslcertpath '/home/youruser/.ssl/certs'''' '''''at the end of you poll line in your .fetchmailrc
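Review bot: The new command sequence goes straight from `wget http://www.dyne.org/ca-freaknetdyne.cer` to `openssl x509 ... -addtrust`, so a certificate fetched over plain HTTP is marked as trusted without being compared to the published fingerprint. Insert the check from the introduction (sha1sum against the listed value, or `openssl x509 -noout -fingerprint -sha1 -in ca-freaknetdyne.cer`) before the -addtrust step. In the last line the quote markup around the sslcertck option is unbalanced (`''''` followed by `'''''`), and "you poll line" should read "your poll line".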
Line 36: Line 59:
for example:

{{{
poll mail.freaknet.org timeout 90 with proto IMAP
user youruser@freaknet.org with password yourpass, is youruser here sslcertck sslcertpath /home/youruser/.ssl/certs
mda "/usr/bin/procmail -f %F -d %T";}}}
Line 37: Line 66:
Use the following options in your .msmtprc Like fetchmail you have to download the CA cert and convert it in PEM format:
Line 39: Line 68:
{{{
mkdir -p ~/.ssl/certs
}}}
{{{
cd ~/.ssl/certs}}}
{{{
wget http://www.dyne.org/ca-freaknetdyne.cer
}}}
{{{
openssl x509 -in ca-freaknetdyne.cer -out freaknetdynemsmtp.pem}}}
Then use the following options in your .msmtprc

{{{
Line 40: Line 82:
tls_trust_file /home/you/yourcafile
tls_certcheck on
tls_starttls on
tls_trust_file /home/youruser/.ssl/certs/freaknetdynemsmtp.pem}}}

Introduction

If you want to be paranoid about our SSL configuration, you need to trust our CA. We are moving all our certificates under a general CA, so if you trust the CA you will automatically trust all the certificates signed by it.

(probably we can add some screenshots to this configuration)

DUE TO A VERY SERIOUS BUG, WE UPDATED OUR CA ON May 14th 2008, PLEASE CHECK THE NEW FINGERPRINT

The x509 file is HERE (click to download). Verify its integrity:

$ sha1sum ca-freaknetdyne.cer
37cbba931993b48711080961c6ec931f9d0645fd  ca-freaknetdyne.cer
$ md5sum ca-freaknetdyne.cer
110dfe3379bba6206e6606bf0cd3f584  ca-freaknetdyne.cer

The SHA1 fingerprint of our CA released on May 14th 2008 is: FB:06:B7:E7:11:AE:BB:2E:E3:F6:78:9D:F2:70:D4:E3:78:40:15:6F
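
An added example (not part of the original page) that automates the check above: it computes the SHA1 certificate fingerprint of a PEM or DER file with sha1sum and base64, and copies the file into the trust directory only when it matches the value published here. The function names and the three-byte sample are constructed for illustration, and accepting either encoding goes slightly beyond what the page describes.

```shell
#!/bin/sh
# Added example: import the CA only if its SHA1 fingerprint matches the pin.

# Fingerprint published on this page for the CA released on May 14th 2008.
PINNED_SHA1='FB:06:B7:E7:11:AE:BB:2E:E3:F6:78:9D:F2:70:D4:E3:78:40:15:6F'

# Strip colons and whitespace and lowercase, so "FB:06:..." compares with sha1sum output.
normalize_fp() {
    printf '%s' "$1" | tr -d ': \n' | tr 'A-F' 'a-f'
}

# Print the certificate fingerprint: SHA1 over the DER bytes, not over the file
# as stored. A PEM file is base64-armoured DER, so it is decoded first.
cert_sha1() {
    if grep -q -- '-----BEGIN CERTIFICATE-----' "$1"; then
        sed -e '/^-----/d' "$1" | tr -d '\r\n ' | base64 -d | sha1sum | cut -d' ' -f1
    else
        sha1sum < "$1" | cut -d' ' -f1
    fi
}

# usage: install_if_pinned CERTFILE FINGERPRINT DESTDIR
# Returns 0 and copies the file on a match, 1 on mismatch (nothing is copied).
install_if_pinned() {
    fp_got=$(cert_sha1 "$1") || return 2
    fp_want=$(normalize_fp "$2")
    if [ "$fp_got" != "$fp_want" ]; then
        echo "fingerprint mismatch: got $fp_got, expected $fp_want" >&2
        return 1
    fi
    mkdir -p "$3" && cp -- "$1" "$3/"
}

# Constructed sample, NOT a real certificate: PEM armour around the bytes "abc".
write_sample_pem() {
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'YWJj' '-----END CERTIFICATE-----' > "$1"
}

# Real use, after the wget step:
#   install_if_pinned ca-freaknetdyne.cer "$PINNED_SHA1" ~/.ssl/certs
```

For a PEM file, `openssl x509 -noout -fingerprint -sha1 -in ca-freaknetdyne.cer` prints the same fingerprint and can be used to cross-check the result.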

Firefox setup

If you use Firefox or IE click HERE and trust everything

It will import the certificate automatically, OR

Download freaknetca.cert clicking on this link

Edit -> Preferences -> Advanced

choose 'Security' tab and then 'View Certificates' -> Authorities -> Import

Then import freaknetca.cer

Thunderbird setup

Download freaknetca.cert clicking on this link

Edit -> Preferences -> Privacy

choose 'Security' tab and then 'View Certificates' -> Authorities -> Import

Then import freaknetca.cer

Fetchmail setup

See the instructions on http://www.math.princeton.edu/~wwong/blog/blog200603021830.shtml or just do:

mkdir -p ~/.ssl/certs

cd ~/.ssl/certs

wget http://www.dyne.org/ca-freaknetdyne.cer

openssl x509 -in ca-freaknetdyne.cer  -addtrust clientAuth -addtrust emailProtection -addtrust serverAuth -out freaknetdyne.pem

c_rehash ~/.ssl/certs

Finally add sslcertck sslcertpath '/home/youruser/.ssl/certs' at the end of your poll line in your .fetchmailrc

for example:

poll mail.freaknet.org timeout 90 with proto IMAP
user youruser@freaknet.org with password yourpass, is youruser here sslcertck sslcertpath /home/youruser/.ssl/certs
mda "/usr/bin/procmail -f %F -d %T";

msmtp setup

As with fetchmail, you have to download the CA cert and convert it to PEM format:

mkdir -p ~/.ssl/certs

cd ~/.ssl/certs

wget http://www.dyne.org/ca-freaknetdyne.cer

openssl x509 -in ca-freaknetdyne.cer -out freaknetdynemsmtp.pem

Then use the following options in your .msmtprc:

tls on
tls_certcheck on
tls_starttls on
tls_trust_file /home/youruser/.ssl/certs/freaknetdynemsmtp.pem

mutt setup

Use the *certificate_file* variable in your .muttrc, with the path of the .cer file as its value.

HowToUseOurCA (last edited 2008-06-26 09:54:12 by anonymous)