Imap noob alert!
Most of my clients use Outlook or Outlook Express. Each time either client is opened
they get the cert warning about it not being verified. Looks like this:
The server you are connected to is using a security certificate that could not be
verified.
A certificate chain processed correctly, but terminated in a root certificate which is
not trusted by the
trust provider.
Do you want to continue using this server?
If they click yes then all is well until they shutdown and then open thier client
again.
I am looking at the README.SSL and I think that step #3 (I am currently running with
the directions in step #2) will take care of my problem. I'm not sure tho as I cannot
get this step to work:
openssl req -newkey rsa:1024 -keyout bincimap.key -CA ca.pem -nodes -x509 -days 365
-out bincimap.crt
Here is my error:
$ openssl req -newkey rsa:1024 -keyout bincimap.key -CA ca.pem -nodes -x509 -days 365
-out bincimap.crt
unknown option -CA
req [options] <infile >outfile
where options are
-inform arg input format - DER or PEM
-outform arg output format - DER or PEM
-in arg input file
-out arg output file
-text text form of request
-pubkey output public key
-noout do not output REQ
-verify verify signature on REQ
-modulus RSA modulus
-nodes don't encrypt the output key
-engine e use engine e, possibly a hardware device
-subject output the request's subject
-passin private key password source
-key file use the private key contained in file
-keyform arg key file format
-keyout arg file to send the key to
-rand file:file:...
load the file (or the files in the directory) into
the random number generator
-newkey rsa:bits generate a new RSA key of 'bits' in size
-newkey dsa:file generate a new DSA key, parameters taken from CA in 'file'
-[digest] Digest to sign with (md5, sha1, md2, mdc2, md4)
-config file request template file.
-subj arg set or modify request subject
-new new request.
-batch do not ask anything during request generation
-x509 output a x509 structure instead of a cert. req.
-days number of days a certificate generated by -x509 is valid for.
-set_serial serial number to use for a certificate generated by -x509.
-newhdr output "NEW" in the header lines
-asn1-kludge Output the 'request' in a format that is wrong but some CA's
have been reported as requiring
-extensions .. specify certificate extension section (override value in config file)
-reqexts .. specify request extension section (override value in config file)
-utf8 input characters are UTF8 (default ASCII)
-nameopt arg - various certificate name options
-reqopt arg - various request text options
Looks like it don't understand the -CA option.
So anyway is this the step that I need to do to get the warning box to go away? This
is on OpenBSD if that makes any difference. Other than this everything looks like it
works fine. Much love to the developers.
Thanks,
Doug
--
_____________________________________________________________
Web-based SMS services available at http://www.operamail.com.
>From your mailbox to local or overseas cell phones.
Powered by Outblaze
