Re: Secure POP3 FAQ needed

[MikeM]

On Wed, 27 Mar 2002 at 8:36 PM Peter Palmreuther wrote:
|
|KG have also heard that one can create his own certificate using OpenSSL.
|
|You will not need to build a certificate.
|You'll only need the public part of servers key to have imported into your
|address book into 'Trusted Root CA' part.
|
|If your University does not offer to download the public key you can 'work
|around' this.
|
|Fetch OpenSSL compiled for Win32 from
|http://www.ritlabs.com/ftp/pub/the_bat/beta/openssl.rar
|Unrar it and open a command line shell (command.com or cmd.exe).
|
|Use this command from openssl-directory you extracted the content from
|RAR-archive to to connect to the server:
|
|openssl s_client -connect Mail-Server:Port -showcerts
|
|Port is usually 995 for POP3-over-SSL, Mail-Server you really should
|know best :-)
|
|Some stuff appears on screen. Then .. suddenly there's a line starting:
|
|-BEGIN CERTIFICATE-
|
|From _this line_, including it, until
|
|-END CERTIFICATE-
|
|also _including_, copy the whole block and save it with the help of
|Notepad, or any text editor of your choice, to a new text file.
|Call it to you preferences, but I'd suggest you make it's extension to
|'.pem'
|
|Now open up your TB!'s AB and go to 'Trusted Root CA'.
|Create a new contact, enter informations to your like.
|Enter the 'Certificates' tab and 'Import' the file you've just created.
|Save this new 'contact'.
|
|Enter the server settings of your mail account belonging to this server.
|At 'Transport' section change it to use 'Secure to dedicated port (TLS)'.
|
|You should be done. If not: copy the error message from log file
|(Ctrl+Shift+A) and paste it here so we maybe can give further hints.
|
|KG Maybe they could even post an FAQ sheet?
|
|Not yet :-) I'll need some _spare_ time for that :-)))
=



Might it be possible to incorporate this behavior into TB, so that when it discovers a 
secure server; it gets the certificate, displays it and prompts me if I want to save 
the certificate?

While the above works, it does seem like a lot to ask an end-user to do, especially 
when other [inferior] email clients do it as I suggested.





Current Ver: 1.60k
FAQ: http://faq.thebat.dutaint.com 
Unsubscribe: mailto:[EMAIL PROTECTED]
Archives   : http://tbudl.thebat.dutaint.com
Moderators : mailto:[EMAIL PROTECTED]
TBTech List: mailto:[EMAIL PROTECTED]
Bug Reports: https://bt.ritlabs.com

Re: Secure POP3 FAQ needed

[Peter Palmreuther]

Hello Kai,

On Wednesday, March 27, 2002 at 10:28:18 AM you wrote in
[EMAIL PROTECTED]">mid:[EMAIL PROTECTED] (at least in part):

KG have also heard that one can create his own certificate using OpenSSL.

You will not need to build a certificate.
You'll only need the public part of servers key to have imported into your
address book into 'Trusted Root CA' part.

If your University does not offer to download the public key you can 'work
around' this.

Fetch OpenSSL compiled for Win32 from
http://www.ritlabs.com/ftp/pub/the_bat/beta/openssl.rar
Unrar it and open a command line shell (command.com or cmd.exe).

Use this command from openssl-directory you extracted the content from
RAR-archive to to connect to the server:

openssl s_client -connect Mail-Server:Port -showcerts

Port is usually 995 for POP3-over-SSL, Mail-Server you really should
know best :-)

Some stuff appears on screen. Then .. suddenly there's a line starting:

-BEGIN CERTIFICATE-

From _this line_, including it, until

-END CERTIFICATE-

also _including_, copy the whole block and save it with the help of
Notepad, or any text editor of your choice, to a new text file.
Call it to you preferences, but I'd suggest you make it's extension to
'.pem'

Now open up your TB!'s AB and go to 'Trusted Root CA'.
Create a new contact, enter informations to your like.
Enter the 'Certificates' tab and 'Import' the file you've just created.
Save this new 'contact'.

Enter the server settings of your mail account belonging to this server.
At 'Transport' section change it to use 'Secure to dedicated port (TLS)'.

You should be done. If not: copy the error message from log file
(Ctrl+Shift+A) and paste it here so we maybe can give further hints.

KG Maybe they could even post an FAQ sheet?

Not yet :-) I'll need some _spare_ time for that :-)))
-- 
Regards
Peter Palmreuthermailto:[EMAIL PROTECTED]
(The Bat! v1.60 on Windows 2000 5.0 Build 2195 Service Pack 2)

--- There Can Be Only One ---



Current Ver: 1.60 / 1.60a
FAQ: http://faq.thebat.dutaint.com 
Unsubscribe: mailto:[EMAIL PROTECTED]
Archives   : http://tbudl.thebat.dutaint.com
Moderators : mailto:[EMAIL PROTECTED]
TBTech List: mailto:[EMAIL PROTECTED]