* Setting SSL certificate authority?
@ 2004-09-08 19:14 Dave Abrahams
2004-09-08 21:01 ` Andrew A. Raines
2004-09-09 9:44 ` Simon Josefsson
0 siblings, 2 replies; 3+ messages in thread
From: Dave Abrahams @ 2004-09-08 19:14 UTC
Hi,
I've been connecting to my IMAP server with SSL, but the other day a
certificate expired and I had to turn SSL off. My sysadmin has volunteered to
set up a local certificate authority so we can avoid buying new certificates.
That'd be secure enough for me if I knew how to tell Gnus to use that
authority. Can anyone help?
Thanks in advance,
Dave
--
Dave Abrahams
Boost Consulting
http://www.boost-consulting.com
* Re: Setting SSL certificate authority?
From: Andrew A. Raines @ 2004-09-08 21:01 UTC
Dave Abrahams <dave@boost-consulting.com> writes:
> I've been connecting to my IMAP server with SSL, but the other day
> a certificate expired and I had to turn SSL off. My sysadmin has
> volunteered to set up a local certificate authority so we can avoid
> buying new certificates. That'd be secure enough for me if I knew
> how to tell Gnus to use that authority. Can anyone help?
The Emacs minibuffer tells me `nnimap-stream ssl' is using openssl
s_client under the covers. Can't you just add the CA cert to
/etc/ssl/certs or /usr/local/ssl/certs or whatever makes sense for
your OpenSSL installation?
--
aaraines@pobox.com (Andrew A. Raines)
* Re: Setting SSL certificate authority?
From: Simon Josefsson @ 2004-09-09 9:44 UTC
Dave Abrahams <dave@boost-consulting.com> writes:
> Hi,
>
> I've been connecting to my IMAP server with SSL, but the other day a
> certificate expired and I had to turn SSL off. My sysadmin has volunteered to
> set up a local certificate authority so we can avoid buying new certificates.
> That'd be secure enough for me if I knew how to tell Gnus to use that
> authority. Can anyone help?
Do you use OpenSSL, starttls or GnuTLS?
GnuTLS is the recommended solution, if you use it: customize
`tls-program' and add a --x509cafile parameter pointing at the CA
file.
IIRC, OpenSSL and starttls don't quit on verification failures.
What went wrong when the certificate expired?
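
Before pointing Gnus at a local CA file (the --x509cafile argument or the OpenSSL certs directory mentioned in the replies above), it is worth confirming that the file really validates the server certificate and that a different CA is rejected. The script below is an added example, not part of the thread: it builds a constructed CA and server certificate in a temporary directory and checks the chain with `openssl verify`; the names example-local-ca, example-other-ca and imap.example.test are placeholders.

```shell
#!/bin/sh
# Added example: every key and certificate here is constructed on the fly
# in a temporary directory. The CA and host names are placeholders.
set -eu

# Return 0 only if CERT chains to the CA in CAFILE; fail closed otherwise.
chain_ok() {
    cafile=$1; cert=$2
    openssl verify -CAfile "$cafile" "$cert" >/dev/null 2>&1
}

# Create a self-signed CA: key in $1.key, certificate in $1.pem, CN $2.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$2" -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

# Issue a certificate for CN $3 signed by the CA at prefix $2; cert in $1.pem.
issue_cert() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1.key" -out "$1.csr" 2>/dev/null
    openssl x509 -req -in "$1.csr" -CA "$2.pem" -CAkey "$2.key" \
        -CAcreateserial -days 1 -out "$1.pem" 2>/dev/null
}

# Build two CAs, sign one server cert with the first, verify against both.
demo() {
    dir=$(mktemp -d)
    make_ca "$dir/local-ca" "example-local-ca"
    make_ca "$dir/other-ca" "example-other-ca"
    issue_cert "$dir/imap" "$dir/local-ca" "imap.example.test"
    result=""
    chain_ok "$dir/local-ca.pem" "$dir/imap.pem" && result="${result}local-ca:ok "
    chain_ok "$dir/other-ca.pem" "$dir/imap.pem" || result="${result}other-ca:rejected"
    rm -rf "$dir"
    printf '%s\n' "$result"
}

demo
```

With a real deployment, the same `chain_ok` check can be run against the sysadmin's CA file and a saved copy of the IMAP server's certificate.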