Updating SSL cert on mail server

System notices about outages and upgrades can be found here.

Moderator: forhire

Updating SSL cert on mail server

Postby forhire » Wed Jul 21, 2004 12:03 am

Our self signed cert on the mail server has expired. We purchased a new cert tonight and are awaiting final approval. We should have it installed in a day or two.
forhire
Site Admin
 
Posts: 376
Joined: Thu Jun 24, 2004 7:56 pm
Location: Morton, Washington

Postby forhire » Wed Jul 21, 2004 7:11 pm

The new cert has been installed on the webmail side of the server. You can now use ssl to encrypt your webmail browsing. Very cool for those of you that travel and use untrusted networks.

We will also be installing the certificate on the pop3 daemon later tonight for ssl encrypted pop3 mail on port 995. I will post an update when completed.
forhire
Site Admin
 
Posts: 376
Joined: Thu Jun 24, 2004 7:56 pm
Location: Morton, Washington

Postby forhire » Thu Jul 22, 2004 1:12 am

The new ssl cert has been installed on the pop3 daemon on port 995. You can now configure your mail programs to login using ssl. In Outlook Express you'll find the option under the Advanced tab of your Account properties. :lol:

A couple of notes for others who may want to do the same with uw-imap. You need to decrypt your key if you used a password and if your CA is chained you'll need to cat it to the end of your ipop3d.pem file like:

openssl rsa -in mail.key -out mail.key.unencrypted
cat mail.key.unencrypted > ipop3d.pem
cat mail.cer >> ipop3d.pem
cat sf_issuing.crt >> ipop3d.pem
/etc/init.d/xinetd restart

Test your setup:
openssl s_client -connect mail.lewiscounty.com:995
forhire
Site Admin
 
Posts: 376
Joined: Thu Jun 24, 2004 7:56 pm
Location: Morton, Washington


Return to Service Notices

Who is online

Users browsing this forum: No registered users and 15 guests

cron