On 1/1/07, Arnie Stender <[EMAIL PROTECTED]> wrote:
>
> A while back I posted a question about using SSL connections to pick up
> my mail and I got a lot of good information. I proceeded to implement
> based on that information but I still don't have it working. Part of
> what I received said I needed to import a key into my mail client
> (Seamonkey). I tried to do that but it wasn't able to import anything
> but PGP keys. I did an ldd on the binary and it isn't linked to the
> libssl. Does Seamonkey use some other implementation of SSL or am I
> going to have to recompile with some switch I failed to use the first
> time around? I looked again through the BLFS instructions and can't find
> any reference to SSL. I remember there was some sort of problem with
> building the system installed NSS and NSPR so I used the internal
> version. I did compile the enigmail. Any help would be greatly appreciated.

NSS is the Mozilla library that implements SSL/TLS (Mozilla actually created that technology).

A couple things need to happen. I believe you created your own mail server. Next you need to create your server private/public SSL key pair. This is sort of non-trivial because the whole security model of SSL certificates is that a 3rd party is verifying that the server supplying the certificate is who they say they are. This 3rd party is known as the Certificate Authority or CA.

You can purchase a commercial certificate (think Verisign), but they are pricey. Or, you can act as your own CA. Here's a howto:

http://sial.org/howto/openssl/ca/

Another option is cacert.org, which gives out free certificates and has a pretty good wiki for figuring out how to do this stuff. I've been using these for mail, http and ldap for about a year with no problems.

The problem with the last two approaches is that NSS or OpenSSL don't trust your CA. So, you have to import the CA certificate, implying that you trust that CA. Same with any other users that plan on authenticating with your server. The cacert.org CA certificate is here (you'd want the Type 1 PEM):

http://www.cacert.org/index.php?id=3

In Seamonkey or Thunderbird, if you're in Preferences, I think there's a Certificates tab in there somewhere. In there you should find something about importing a CA certificate. I'm not at home to see exactly what the dialog looks like.

Assuming that your mail server is set up correctly to issue the public/private key, Seamonkey should move along with the authentication process (possibly asking if you trust this CA once).

There's also a way to build any new CA certificates into the NSS library, but it's a hassle. The list of CA certificates OpenSSL typically uses is in /etc/ssl/certs.

HTH

--
Dan
--
http://linuxfromscratch.org/mailman/listinfo/blfs-support
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
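
The trust relationship described in the reply above, as an added example that is not part of the original message: a throwaway private CA signs a server certificate, and verification succeeds only for a client that has been given the CA certificate. The subject names, the host name `mail.example.test`, the file names and the shell functions are constructed for illustration.

```shell
#!/bin/sh
# Added example; all names below (CA subject, host name, file names) are constructed.

# Create a private CA and use it to sign a certificate for a mail server.
make_ca_and_server_cert() {
    dir=$1
    host=mail.example.test   # hypothetical server name
    # 1. CA private key plus self-signed CA certificate (ca.pem is what clients import).
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Example Private CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null || return 1
    # 2. Server private key plus certificate signing request.
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$host" \
        -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null || return 1
    # 3. The CA signs the request. Current clients match the host name against
    #    subjectAltName, so it is added here.
    printf 'subjectAltName=DNS:%s\n' "$host" > "$dir/san.ext"
    openssl x509 -req -in "$dir/server.csr" -days 30 \
        -CA "$dir/ca.pem" -CAkey "$dir/ca.key" -CAcreateserial \
        -extfile "$dir/san.ext" -out "$dir/server.pem" 2>/dev/null || return 1
}

# trusted_by CERT [CA_FILE]: succeeds if CERT chains to a trusted CA.
# Without CA_FILE only the system default store is consulted.
trusted_by() {
    if [ -n "${2:-}" ]; then
        openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
    else
        openssl verify "$1" >/dev/null 2>&1
    fi
}

# Build everything in a temporary directory and report both verification results.
demo() {
    work=$(mktemp -d) || return 1
    make_ca_and_server_cert "$work" || { rm -rf "$work"; return 1; }
    if trusted_by "$work/server.pem"; then before=trusted; else before=rejected; fi
    if trusted_by "$work/server.pem" "$work/ca.pem"; then after=trusted; else after=rejected; fi
    rm -rf "$work"
    echo "without CA import: $before; with CA import: $after"
}

demo
```

Only `ca.pem` is handed to clients for import; `ca.key` and `server.key` stay private.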
