I have no idea whether your shareware client properly implements START_TLS or not; or whether or not it supports client certificates.
Peter's TLS Telnet distribution comes with both a client and a server.
The docs describe how to configure the server to authenticate itself to
the client. For the server to authenticate the client certs you must
compile the Telnet server to support that functionality using one of the
sample functions for doing so; or write one that meets the requirements
of your authentication and authorization system. For the client, the man
page describes how to specify client certs and keys for authenticating
the client to the server.

If you want a Windows Telnet client that not only properly supports the
START_TLS option but also has good documentation about it, look at
Kermit 95:

  http://www.kermit-project.org/k95.html

The security docs which you may find useful in any case are located at

  http://www.kermit-project.org/security.html

> I read all the docs, but as I said earlier, I am new to both Linux and SSL
> and I didn't know how to get both the client and the server to accept the
> test certificate's CA that I am using for both parties' authentication. I
> think that I got both of them setup finally.
>
> For Win2K, I downloaded a shareware client from Tucows just to be sure that
> the TLS Telnet server is correctly configured. As for all the questions, I
> am implementing SSL support for all the network utilities in TOAD (Quest
> Software, Inc.) and no one here has ever implemented SSL before and our Unix
> guy is across the country so unless if I want to wait 2 more weeks, I have
> to set the Linux box up myself.
>
> Thanks,
> Michael
>
> ----- Original Message -----
> From: "Jeffrey Altman" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Cc: <[EMAIL PROTECTED]>
> Sent: Wednesday, July 03, 2002 9:00 AM
> Subject: Re: starting TLS Telnet server
>
> > > Thanks for the help,
> > >
> > > This has developed into a few more questions now. First let me make sure
> > > that I did everything correctly. I commented out the old telnet server line
> > > in /etc/xinetd.d/telnet and added the path to my tls server
> > > /usr/local/sbin/telnetd
> >
> > This is the TLS Telnet Daemon
> >
> > > (I have another telnet file (server) ---
> > > /usr/local/bin/telnet that was created the same day and time as the one that
> > > I have my path set to ??? Any ideas)
> >
> > This is the TLS Telnet client
> >
> > > Anyway, I try to connect to it and I
> > > am getting errors during the handshake. I am sure that it is because I am
> > > running a Microsoft Test Certificate on the client (Win2K box) and an
> > > OpenSSL self signed certificate on the server (RedHat 7.3) How do I set up
> > > the list of accepted CA's for both machines to allow these test
> > > certificates? I have tried exporting my Win2K cert. w/o the key and
> > > importing it as a signer in Crypto Manager, but I get an error that it is
> > > not a signer cert. I also imported it into Netscape and it worked fine??
> > >
> >
> > What are you using as a TLS Telnet client on Win2K?
> >
> > If you are not using a TLS Telnet client on Win2K, how is Win2K
> > involved?
> >
> > I think you need to read the text files that Peter provides in his
> > distribution.
> >
> >
> > Jeffrey Altman * Sr.Software Designer      Kermit 95 2.0 GUI available now!!!
> > The Kermit Project @ Columbia University   SSH, Secure Telnet, Secure FTP, HTTP
> > http://www.kermit-project.org/             Secured with MIT Kerberos, SRP, and
> > [EMAIL PROTECTED]                          OpenSSL.
> > ______________________________________________________________________
> > OpenSSL Project                                 http://www.openssl.org
> > User Support Mailing List                    [EMAIL PROTECTED]
> > Automated List Manager                           [EMAIL PROTECTED]

Jeffrey Altman * Sr.Software Designer      Kermit 95 2.0 GUI available now!!!
The Kermit Project @ Columbia University   SSH, Secure Telnet, Secure FTP, HTTP
http://www.kermit-project.org/             Secured with MIT Kerberos, SRP, and
[EMAIL PROTECTED]                          OpenSSL.
