On Sun, 21 Sep 2003, Scott Schappell wrote:
>Can some one PLEASE tell me how the heck to set this damn thing up to run
>SSL?
>Specifically:
>How to create a cert that works
The original package gives you the option to go "make cert", and that
creates a PEM encoded file which contains a self-signed certificate and a
private key. This is the file that Binc IMAP wants.
>What PEM file do I specify in the config file for bincimap? I have like 5
>to choose from and no offense to Andy, the documentation in the config
>and the FAQ is kinda sketchy on this point. Anything else a clueful
>newbie needs to know to become less ignorant about this issue
The README says:
To create a self signed SSL certificate, run "make cert".
The FAQ says:
http://www.bincimap.org/bincimap-faq.html#q13
"SSL in Binc IMAP is quite simple to set up. First you need a PEM
encoded private key and certificate file. In some distributions,
you can generate this file by changing to /usr/share/ssl/certs and
running "make". A script will give you the option to build a PEM
file."
>bincimap works just great on port 143, it's only this SSL thing that's
>got me leaving bloody forehead sized marks on a brick wall :).
Firstly, could you show the contents of your log files at the time that a
connect is done.
Then, try connecting to the service at port 993 with telnet, and see if
the service is actually SSL encoded or not (if you get a plain text
greeting, then it's not). :-)
Finally, attach to tcpserver or xinetd (or whichever tcp wrapper you are
using) with "strace -s 128 -f -p <pid>", dump the output to a file, then
post a link to the file with passwords removed to this list.
I'm sure we can figure it out - I have heard of no such problems with
stock Binc IMAP.
Andy :-)
--
Andreas Aardal Hanssen
