== Introduction == If you want to be paranoid about our SSL configuration you need to trust our CA, we are moving all our certificates under a general CA, so if you trust the CA you will automatically trust all the certificates signed by that. (probably we can add some screenshot to this configuration) '''DUE TO A VERY SERIOUS BUG, WE UPDATED OUR CA ON May 14th 2008, PLEASE CHECK THE NEW FINGERPRINT''' The x509 file is [[http://www.dyne.org/ca-freaknetdyne.cer|HERE]] (click to download) Verify its integrity: {{{ $ sha1sum ca-freaknetdyne.cer 37cbba931993b48711080961c6ec931f9d0645fd ca-freaknetdyne.cer $ md5sum ca-freaknetdyne.cer 110dfe3379bba6206e6606bf0cd3f584 ca-freaknetdyne.cer }}} The SHA1 fingerprint of our CA released on May 14th 2008 is: '''FB:06:B7:E7:11:AE:BB:2E:E3:F6:78:9D:F2:70:D4:E3:78:40:15:6F''' == Firefox setup == If you use Firefox or IE click [[http://www.dyne.org/ca-freaknetdyne.crt|HERE]] and trust ''everything'' it will import the certificate automatically, '''OR''' Download freaknetca.cert clicking on this [[http://www.dyne.org/ca-freaknetdyne.cer|link]] Edit -> Preferences -> Advanced choose 'Security' tab and then 'View Certificates' -> Authorities -> Import Then import freaknetca.cer == Thunderbird setup == Download freaknetca.cert clicking on this [[http://www.dyne.org/ca-freaknetdyne.cer|link]] Edit -> Preferences -> Privacy choose 'Security' tab and then 'View Certificates' -> Authorities -> Import Then import freaknetca.cer == Fetchmail setup == See the instructions on http://www.math.princeton.edu/~wwong/blog/blog200603021830.shtml Or Just do: {{{ mkdir -p ~/.ssl/certs }}} {{{ cd ~/.ssl/certs}}} {{{ wget http://www.dyne.org/ca-freaknetdyne.cer }}} {{{ openssl x509 -in ca-freaknetdyne.cer -addtrust clientAuth -addtrust emailProtection -addtrust serverAuth -out freaknetdyne.pem }}} {{{ c_rehash ~/.ssl/certs }}} Finally add '' sslcertck sslcertpath '/home/youruser/.ssl/certs'''' '''''at the end of you poll line in your .fetchmailrc for example: {{{ poll mail.freaknet.org timeout 90 with proto IMAP user youruser@freaknet.org with password yourpass, is youruser here sslcertck sslcertpath /home/youruser/.ssl/certs mda "/usr/bin/procmail -f %F -d %T";}}} == msmtp setup == Like fetchmail you have to download the CA cert and convert it in PEM format: {{{ mkdir -p ~/.ssl/certs }}} {{{ cd ~/.ssl/certs}}} {{{ wget http://www.dyne.org/ca-freaknetdyne.cer }}} {{{ openssl x509 -in ca-freaknetdyne.cer -out freaknetdynemsmtp.pem}}} Then use the following options in your .msmtprc {{{ tls on tls_certcheck on tls_starttls on tls_trust_file /home/youruser/.ssl/certs/freaknetdynemsmtp.pem}}} == mutt setup == Use the *certificate_file* variable in your .muttrc, using the path of the .cer file as value