Re: tls self-signed certificates

2007-10-18 Thread Nik Conwell

On Oct 17, 2007, at 9:55 PM, Craig White wrote:

> OK - what I discovered was that TLS works with this setup (telnet
> localhost 143)
>
> IMAP/SSL doesn't seem to work when you 'telnet localhost 993' but on a
> client that is forgiving for self-signed certificates, it does actually
> work. So much for my testing methodology.

Try this to access an IMAP/SSL server via the command line:

openssl s_client -connect hostname:port

-nik


Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
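
An added example (not from the thread or the Cyrus project): it writes the key and certificate to separate files, checks that they belong together, and shows what a verifying client reports for the certificate (error 18, self-signed) versus a client that has it pinned as its trust anchor. The CN, paths and function names are constructed; `openssl s_client` accepts the same `-CAfile` option.

```sh
#!/bin/sh
# Added example: CN, paths and function names are constructed for illustration.

# Write a self-signed certificate and its key to two separate files.
# umask 077 keeps the private key unreadable by other users; -subj skips
# the interactive prompts.
make_selfsigned() {   # $1 = output directory, $2 = hostname for the CN
    ( umask 077
      openssl req -new -x509 -nodes -newkey rsa:2048 -sha256 \
          -subj "/CN=$2" -days 365 \
          -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null &&
      chmod 644 "$1/cert.pem" )
}

# Succeed only if the certificate carries the public half of the key.
pair_matches() {   # $1 = certificate, $2 = private key
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$2" -pubout | openssl sha256)
    [ "$cert_pub" = "$key_pub" ]
}

# Print the X.509 verification error number for a certificate, 0 when it
# verifies. The optional second argument is a PEM file to trust as the CA.
verify_error() {   # $1 = certificate, $2 = optional CA file
    if [ -n "${2:-}" ]; then
        out=$(openssl verify -CAfile "$2" "$1" 2>&1) && { echo 0; return; }
    else
        out=$(openssl verify "$1" 2>&1) && { echo 0; return; }
    fi
    printf '%s\n' "$out" | sed -n 's/^error \([0-9][0-9]*\) at .*/\1/p' | head -n 1
}

demo() {
    d=$(mktemp -d) || return 1
    make_selfsigned "$d" imap.example.test || return 1
    pair_matches "$d/cert.pem" "$d/key.pem" && echo "key matches certificate"
    echo "default trust store: error $(verify_error "$d/cert.pem")"
    echo "certificate pinned:  error $(verify_error "$d/cert.pem" "$d/cert.pem")"
    rm -rf "$d"
}
demo
```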


Re: tls self-signed certificates

2007-10-17 Thread Craig White

On Tue, 2007-10-16 at 08:23 -0700, Craig White wrote:
> How do people generate self-signed certificates as this no longer works
> for me...
> 
>  generate cyrus certificate 
> openssl req -config /etc/ssl/openssl.cnf \
> -new -x509 -nodes \
> -out /etc/ssl/cyrus-global.pem \
> -keyout /etc/ssl/cyrus-global.pem \
> -days 3650
> openssl gendh 512 >> /etc/ssl/cyrus-global.pem
> 
> and I used to use this cyrus-global.pem for both tls_cert_file and
> tls_key_file...
> 
> tls_cert_file: /etc/ssl/cyrus-global.pem
> tls_key_file: /etc/ssl/cyrus-global.pem
> tls_ca_file: /etc/ssl/private/cacert.pem
> 
> but this fails...
> Oct 16 08:22:47 spot imaps[7905]: imaps TLS negotiation failed:
> ip68-230-71-199.ph.ph.cox.net [68.230.71.199]
> Oct 16 08:22:47 spot imaps[7905]: Fatal error: tls_start_servertls()
> failed
> 
> suggestions anyone?

OK - what I discovered was that TLS works with this setup (telnet
localhost 143)

IMAP/SSL doesn't seem to work when you 'telnet localhost 993' but on a
client that is forgiving for self-signed certificates, it does actually
work. So much for my testing methodology.

Sorry for the noise

Craig




tls self-signed certificates

2007-10-16 Thread Craig White

How do people generate self-signed certificates as this no longer works
for me...

 generate cyrus certificate 
openssl req -config /etc/ssl/openssl.cnf \
-new -x509 -nodes \
-out /etc/ssl/cyrus-global.pem \
-keyout /etc/ssl/cyrus-global.pem \
-days 3650
openssl gendh 512 >> /etc/ssl/cyrus-global.pem

and I used to use this cyrus-global.pem for both tls_cert_file and
tls_key_file...

tls_cert_file: /etc/ssl/cyrus-global.pem
tls_key_file: /etc/ssl/cyrus-global.pem
tls_ca_file: /etc/ssl/private/cacert.pem

but this fails...
Oct 16 08:22:47 spot imaps[7905]: imaps TLS negotiation failed:
ip68-230-71-199.ph.ph.cox.net [68.230.71.199]
Oct 16 08:22:47 spot imaps[7905]: Fatal error: tls_start_servertls()
failed

suggestions anyone?

Craig

