RE: cyrus and SSL/stunnel
Thanks, I got it to work finally, created the cert via: openssl req -new -x509 -days 365 -nodes -config /usr/lib/ssl/openssl.cnf \ -out /usr/cyrus/cyrus.pem -keyout /usr/cyrus/cyrus.pem then added these lines to my imapd.conf file: tls_ca_path: /usr/cyrus tls_ca_file: /usr/cyrus/cyrus.pem tls_cert_file: /usr/cyrus/cyrus.pem tls_key_file: /usr/cyrus/cyrus.pem and boom, it's working this way... now i have another question but I'll put that in another topic.. thanks all, good group here Jeff > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of [EMAIL PROTECTED] > Sent: Thursday, March 07, 2002 11:14 PM > To: [EMAIL PROTECTED] > Subject: RE: cyrus and SSL/stunnel > > > On Thu, 7 Mar 2002, Jeff Bert wrote: > > > darnit, now you've got my curiosity peeked again ;) > > > > my "man imapd.conf" has no information about the tls_key_file > > stuff. > > > > any recommendations on type of cert/key to make? RSA? > > Have a short look on the file install-configure.html of the > doc-Directory in > your Cyrus-Source-Directory. > There is a short paragraph about Cyrus with TLS/SSL - how to create the > Certs and how to configure. > > HTH > Marko D. > > -- > GMX - Die Kommunikationsplattform im Internet. > http://www.gmx.net > >
RE: cyrus and SSL/stunnel
On Thu, 7 Mar 2002, Jeff Bert wrote: > darnit, now you've got my curiosity peeked again ;) > > my "man imapd.conf" has no information about the tls_key_file > stuff. > > any recommendations on type of cert/key to make? RSA? Have a short look on the file install-configure.html of the doc-Directory in your Cyrus-Source-Directory. There is a short paragraph about Cyrus with TLS/SSL - how to create the Certs and how to configure. HTH Marko D. -- GMX - Die Kommunikationsplattform im Internet. http://www.gmx.net
RE: cyrus and SSL/stunnel
darnit, now you've got my curiosity peeked again ;) my "man imapd.conf" has no information about the tls_key_file stuff. any recommendations on type of cert/key to make? RSA? Jeff > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of Amos Gouaux > Sent: Thursday, March 07, 2002 10:13 PM > To: [EMAIL PROTECTED] > Subject: Re: cyrus and SSL/stunnel > > > >>>>> On Thu, 7 Mar 2002 21:40:50 -0800, > >>>>> Jeff Bert <[EMAIL PROTECTED]> (jb) writes: > > jb> I'm trying to get cyrus secured via SSL using stunnel and haven't been > jb> successful yet... this is what I've tried: > > jb> editted cyrus.conf: > > jb> SERVICES { > jb> ... > jb> ... > jb> pop3 cmd="/usr/sbin/stunnel -p > /etc/stunnel/stunnel.pem -l pop3d" > jb> listen="pop3" prefork=0 > jb> ... > jb> ... > jb> } > > jb> is anything like this possible? i need it secured via SSL for > Windoze users. > > You're working too hard. You can provide SSL (TLS) alternatives > like this: > > SERVICES { > ... > imaps cmd="imapd -s" listen="imaps" prefork=0 > ... > pop3s cmd="pop3d -s" listen="pop3s" prefork=0 > ... > } > > Then tell Cyrus where to find the certs using the imapd.conf > settings tls_key_file, tls_cert_file, tls_ca_path, and tls_ca_file. > See imapd.conf(5) for more info. Oh, and don't forget to list the > ports in /etc/services: > > imaps 993/tcp # imap via ssl > pop3s 995/tcp # pop via ssl > > > -- > Amos > >
Re: cyrus and SSL/stunnel
> On Thu, 7 Mar 2002 21:40:50 -0800, > Jeff Bert <[EMAIL PROTECTED]> (jb) writes: jb> I'm trying to get cyrus secured via SSL using stunnel and haven't been jb> successful yet... this is what I've tried: jb> editted cyrus.conf: jb> SERVICES { jb> ... jb> ... jb> pop3cmd="/usr/sbin/stunnel -p /etc/stunnel/stunnel.pem -l pop3d" jb> listen="pop3" prefork=0 jb> ... jb> ... jb> } jb> is anything like this possible? i need it secured via SSL for Windoze users. You're working too hard. You can provide SSL (TLS) alternatives like this: SERVICES { ... imaps cmd="imapd -s" listen="imaps" prefork=0 ... pop3s cmd="pop3d -s" listen="pop3s" prefork=0 ... } Then tell Cyrus where to find the certs using the imapd.conf settings tls_key_file, tls_cert_file, tls_ca_path, and tls_ca_file. See imapd.conf(5) for more info. Oh, and don't forget to list the ports in /etc/services: imaps 993/tcp # imap via ssl pop3s 995/tcp # pop via ssl -- Amos
cyrus and SSL/stunnel
I'm trying to get cyrus secured via SSL using stunnel and haven't been successful yet... this is what I've tried: editted cyrus.conf: SERVICES { ... ... pop3cmd="/usr/sbin/stunnel -p /etc/stunnel/stunnel.pem -l pop3d" listen="pop3" prefork=0 ... ... } is anything like this possible? i need it secured via SSL for Windoze users. Jeff