Firstly, there's no web server running at this site so http based solutions aren't an option. I tried copying the ssl certificate from /usr/lib/ssl/certs and importing it into IE, the import worked, but it still wasn't recognised in Outlook. I Installed Eudora on the XP machine and it worked with no problems, but my client still refuses to use it, so I went back to Outlook and looked some more, and discovered that I'd checked "use secure password authentication" which when I unticked it, caused everything to work, over the SSL connection.
So now at least the customer is happy and I'm left wondering if the password is being encrypted or not, which was the whole point of the exercise to begin with. For the moment the laptop is staying in the office so I'll put it on the "to do later" list. :)
thanks again y'all.
..S.
On Tuesday, March 18, 2003, at 12:18 PM, Glen Turner wrote:
Tony Green wrote:On Tue, 2003-03-18 at 00:20, Stewart wrote:Hey sluggers,
I'm running a UOW imap setup (on a mandrake box) for a client and recently got it working with SSL, port 993 and all that. Everything was working fine with a variety of client/OS combinations until the new windows XP machine turned up today and its Outlook started complaining about invalid server certificates. I haven't looked into the problem in detail yet but just wanted a heads up to see if anyone has had this problem.I have a similar problem with courier-(imap|pop)-ssl. I don't think that outlook likes self signed certs. If you point IE to https://yourmail.server:993, you can save the cert and in some versions that works. Anyone else have anything?
Drop your site's self-signed Certificate Authority certificate on your website
http://www.example.edu.au/example-ca.cer
making sure you serve this with the MIME type
application/x-x509-ca-cert
Get your users to open this in IE and tell them to accept the certificate. The certificate should be good (eg: not expired).
Now when your Outlook seeks your site's IMAP server's certificate signed with your self-signed CA certificate it will be able to validate the certificate.
If you've made the IMAP server's certificate self-signed then you've made a mistake, as your users will need to download a certificate for each service from your site and add it to the CA database. You can either fix the error or get users to click on and accept the IMAP certificate as well.
You should probably install your site's self-signed Certificate Authority certificate as part of the machie installation or Ghost image creation.
Microsoft have really good documentation on their website discussing how it implements certificate handling.
For those not on the dark side, you'll need a recent Mozilla version, as certificate handling for IMAP was fluffed in earlier versions.
-- Glen Turner (08) 8303 3936 or +61 8 8303 3936 Australian Academic and Research Network www.aarnet.edu.au
-- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
-- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
