Yep, signed into my sourceforge account and when I went to find a
"compose" or "new" I couldn't find anything
Went to the page I saw and tried "edit" (or something) and it said that
editing was limited to admin and editors
Didn't know who all that was, so post.
:)
Thanks for the help btw.
text file is attached to this post
On 2/4/2010 11:22 AM, Fritz Borgstedt wrote:
Ok, from the limited adventures I had with SSL, I said I'd make
something for the ASSP wiki and I've got the post in txt format, but
when I go to the wiki to actually put it up, I'm not allowed.
Who do I need to pass this on to to get it posted?
You may send it to me.
Did you login at the wiki site?
------------------------------------------------------------------------------
The Planet: dedicated and managed hosting, cloud storage, colocation
Stay online with enterprise data centers and the best network in the business
Choose flexible plans and management services without long-term contracts
Personal 24x7 support from experience hosting pros just a phone call away.
http://p.sf.net/sfu/theplanet-com
_______________________________________________
Assp-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/assp-user
Setting up SSL for a Windows Server 2003 System
Program versions:
ASSP 1.5.1.5
Perl 5.08
hMailServer 5.2-B356
OpenSSL 0.9.8L
Foreword:
Yes, they are older versions. At the time of writing, the server was to be
decommissioned and I saw no point in running upgrades. Moving from the older to
the newer versions should not be extremely difficult.
Win32 OpenSSL: http://www.slproweb.com/products/Win32OpenSSL.html
ASSP v1 (stable release): http://assp.sourceforge.net/
ActivePerl (5.10 recommended): http://www.activestate.com/activeperl/
hMailServer: http://www.hmailserver.com/
NOTE: When I installed ActivePerl 5.10 on the new server, I found I needed a
perl508.dll placed in the Perl\bin folder to install some of the perl modules
from the ASSP module installation. While this may not be needed anymore, it may
be wise to have the file ready just in case.
From here the post will assume:
1) Perl 5.08 is running with all recommended perl modules installed
2) ASSP 1.5.1.5 is running correctly on your server
3) hMailServer 5.2-B356 is running correctly on your server
4) You have no problem sending or receiving mail through your server
5) OpenSSL has been installed to the C:\OpenSSL folder
6) OpenSSL files were saved in the bin folder
7) The PATH environment variable has been set to include OpenSSL bin folder
8) Generated keys and certificates will be stored in C:\MyCerts with names
certificate.pem and key.pem
Generate Certificates using Win32 OpenSSL
Reference: Simple Thoughts Blog entry
(http://blog.taragana.com/index.php/archive/openssl-how-to-create-self-signed-certificate/)
Reference: OpenSSL Documentation (http://www.openssl.org)
To generate a self-signed certificate you need to create your private key
first. Arguments will abound on how strong to make it, but for the sake of
this article, we'll place a 2Mb key length. For use in ASSP, the key will need
to be in PEM format (this was a default output for OpenSSL in 0.9.8L)
At the command prompt type: openssl genrsa -out key.pem 2048
Next OpenSSL needs to generate a Certificate Signing Request (this is for
either signing authorities or self-signed certificates)
At the command prompt type: openssl req -new -key key.pem -out request.csr
By default, you will be asked a series of questions
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Answer these honestly and correctly.
For Common Name, put the name of your site or your server (example: mysite.com)
(example: mail.mysite.com)
These can be preset, and for more information about that look in the OpenSSL
documentation.
If you are getting a signing authority for your certificate, you want to send
in the request.csr file generated from the last command. The signing authority
will send the certificates back and you will need to install them on your
server. If you're doing a self-signed certificate, continue on.
Finally OpenSSL will generate your certificate. For the sake of this article,
we'll select a certificate for 365 days (1 year).
At the command prompt type: openssl x509 -req -days 365 -in request.csr -signkey key.pem -out certificate.pem
I'd suggest putting the generated certificate and the private key in a folder
together so they can be easily found. For the article, we'll assume that both
files are located in folder C:\MyCerts
Please note: Self-Signed certificates ARE NOT trusted by default. Most e-mail
clients will pop up some kind of warning to the user if it is a self-signed
certificate in use.
Configure hMailServer to use certificates
Reference: hMailServer Documentation - SSL Certificate
(http://www.hmailserver.com/documentation/v5.2/?page=reference_sslcertificates)
To configure hMailServer so it will use the generated certificates
1) Open hMailServer Administrator
2) Go to Settings->Advanced->SSL Certificate
3) Click "ADD"
4) Give it a name. It's suggested to be the host name of the SSL Certificate
5) Select the certificate and private key files (eg:
C:\MyCerts\certificate.pem and C:\MyCerts\key.pem)
NOTE: It is possible that there are separate certificates for IMAP and SMTP
connections, in which case we are using the IMAP certificate set
6) Save the changes
7) Go to Settings->Advanced->TCP/IP Ports
8) Select or create a port to use SSL for IMAP (generally this is on port 993)
9) Check the "Use SSL" option and select the SSL credentials that were set up
earlier from the drop-down box
10) Save the changes (hMailServer will require a restart to apply the change)
11) Configure your e-mail client to use the SSL IMAP port to check your
settings.
NOTE: A pop up of some kind will probably appear and ask to accept or reject a
self-signed certificate. Also, the password for the account will probably need
to be entered.
12) Send the account e-mail from another account (preferably an external
account) to confirm you are receiving mail correctly. If not, check settings
and make sure firewall ports are set as needed.
If everything is going as expected, you are now able to directly receive mail
through hMailServer using SSL
Configure ASSP to use certificates
1) Log in to the ASSP web interface (usually http://asspserver:55555) and go to
the "SSL/TLS" section or open the config file
2) Change the following settings (the values are examples)
-enableSSL: checked
-NoTLSlistenPorts: 127.0.0.1:25|other IP:port(s)
-listenPortSSL: 465
-SSLCertFile: c:/MyCerts/certificate.pem
-SSLKeyFile: C:/MyCerts/key.pem
-SSLRetryOnError (this is subject to the system setup)
NOTE: The slashes ARE NOT a typo. ASSP needs them entered that way even on
Windows machines!
3) Change the SMTP in your mail client to use SSL on the port listed in your
"listenPortSSL"
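
Added example, not part of the original post: the key, CSR and certificate commands from the "Generate Certificates" section run without prompts, followed by checks worth doing before pointing hMailServer and ASSP at the files (key and certificate belong together, files are PEM, Common Name, time left before expiry). It assumes a POSIX shell with openssl on the PATH; the openssl invocations are the same at the Windows command prompt, and the function names and the scratch folder are made up for the example.

```sh
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical;
# mail.mysite.com is the post's sample Common Name.

# Key -> CSR -> self-signed certificate, the same three commands as the post.
# $1 = output folder, $2 = Common Name
make_selfsigned() {
    dir=$1; cn=$2
    mkdir -p "$dir" || return 1
    openssl genrsa -out "$dir/key.pem" 2048 2>/dev/null || return 1
    # -subj presets the answers that req would otherwise prompt for
    openssl req -new -key "$dir/key.pem" -out "$dir/request.csr" \
        -subj "/CN=$cn" || return 1
    openssl x509 -req -days 365 -in "$dir/request.csr" \
        -signkey "$dir/key.pem" -out "$dir/certificate.pem" 2>/dev/null || return 1
    # Owner-only private key (on Windows, restrict the folder's NTFS permissions)
    chmod 600 "$dir/key.pem"
}

# Succeeds only if the certificate's public key belongs to the private key.
# $1 = certificate, $2 = key
pair_matches() {
    c=$(openssl x509 -noout -modulus -in "$1" 2>/dev/null) || return 2
    k=$(openssl rsa -noout -modulus -in "$2" 2>/dev/null) || return 2
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# ASSP needs PEM input: the file must start with a "-----BEGIN" line.
is_pem() { head -n 1 "$1" | grep -q '^-----BEGIN '; }

# Print the Common Name (RFC2253 output lists CN first in the subject).
cert_cn() {
    openssl x509 -noout -subject -nameopt RFC2253 -in "$1" |
        sed -n 's/^subject= *CN=\([^,]*\).*/\1/p'
}

# Succeeds if the certificate expires within $2 days (renewal reminder).
expires_within_days() {
    ! openssl x509 -noout -checkend $(( $2 * 86400 )) -in "$1" >/dev/null
}

# Demo in a scratch folder (stands in for C:\MyCerts).
demo=$(mktemp -d)
make_selfsigned "$demo" mail.mysite.com &&
    pair_matches "$demo/certificate.pem" "$demo/key.pem" &&
    echo "pair OK, CN=$(cert_cn "$demo/certificate.pem")"
rm -rf "$demo"
```

A failed pair_matches means the certificate and key selected in hMailServer or named in SSLCertFile/SSLKeyFile come from different runs and the TLS listener will not start cleanly with them.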