> Hi again! Hi, I've had no time to try anything as I've been affected by a sudden surge in workload (things that *have* to be ready before Christmas :-| ). So I'll use my well deserve relax between Xmas and new year to try things based on your very useful suggestions.
> > Inside openssl.conf i find the following note that can be > related to that: > > # Passwords for private keys if not present they will be prompted for > > # input_password = secret > > # output_password = secret > > > > These lines are still commented out in my .cnf, do you know > something about > > it? > > I guess they are default passwords that the openssl tool tries to use if > they're set, instead of first prompting the user like it does now. > 1 thing to try out (with and without) > > About the "bad certificate" error in the log file: > > Trying to connect with Netscape 7 or 4.7 makes no difference > (well, although > > the text might be slightly different). I get the log below: > > @400000003fda4e0b0c83ba4c 3868 0 [EMAIL PROTECTED]:] Error > initializing > > Binc IMAP: SSL negotiation failed: Internal SSL error: > > error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate > > This is strange.. Netscape 7 should work very well with the certificate. > > Put the CA certificate (WITHOUT the key!) on the web somewhere, make sure > that the web server serves the cert file as the MIME type > application/x-x509-ca-cert and just surf to that location with the web > browser, you should get a box asking you to trust the new CA, check all > appropriate boxes (at least web sites, but I trust it for > everything) to add > your own CA as a trusted CA in the browser. Yes I've done that, and in Netscape 7.1 (last time it was 4.7 or 7) this is the message I get from netscape mail: Could not establish an encrypted connection because certificate presented by my.server.name is invalid or corrupted. Error code: -8101 and this is inside le log: @400000003fde2c5b28503a84 13474 0 [EMAIL PROTECTED]:] Error initializing Binc IMAP: SSL negotiation failed: Internal SSL error: error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown Obviously there is something wrong with my CA certificate (it has been accepted and installed by the browser, however) I will do some more tryals to see what's wrong, I havn't done anything new (certificates and alike) since last However I succeded installing Squirrelmail, running it and accessing it, so what isn't good for Netscape is good for PHP. (However I have som other problems on that, but first I have to do some homework and only then I might start a new thread). > After that, Netscape should be able to talk to Binc just fine. If you want > to have a client certificate as well thanks for all following suggestions... they are in the queueline :-) Bye Paolo
