using NNTPS (nnrp with ssl) with windows mail / thunderbird on windows vista
Julien ÉLIE
julien at trigofacile.com
Mon Jun 23 17:35:08 UTC 2008
Hi David,
> i have working nnrpd with SSL configuration. I am using my custom generated
> SSL certificate signed with my own Certification Authority. Each time i am
> accessing news in Windows Mail client i am getting message , that
> certificate is not trusted and cannot be verified.
> I want to get rid off this message by importing my custom CA (or probably
> custom certificate) into windows certification storage and make it trusted
> so i will not get this message again.
Yes, you have to import your root CA into your certification storage
(I use "mmc" to do that).
> So far, i have converted my cacert.pem to der format using :
> openssl x509 -inform PEM -outform DER -in cacert.pem -out cacert.der
>
> Then, i have converted my nnrpd certificate to pk12 format using:
> openssl pkcs12 -export -clcerts -in nnrpd.cert.pem -inkey nnrpd.key.pem -out
> clcert.p12
It sounds complicated.
I do not know where the problem is but I can tell you what I did with
CURRENT INN, which has the following "make cert":
$(SSLBIN) req -new -x509 -nodes \
-out $(D)$(PATHLIB)/cert.pem -days 366 \
-keyout $(D)$(PATHLIB)/key.pem
chown $(RUNASUSER) $(D)$(PATHLIB)/cert.pem
chgrp $(RUNASGROUP) $(D)$(PATHLIB)/cert.pem
chmod 640 $(D)$(PATHLIB)/cert.pem
chown $(RUNASUSER) $(D)$(PATHLIB)/key.pem
chgrp $(RUNASGROUP) $(D)$(PATHLIB)/key.pem
chmod 600 $(D)$(PATHLIB)/key.pem
I think your inn.conf (or sasl.conf) configuration is fine according
to what you tell.
I only did:
cp key.pem news.trigofacile.com.crt
and imported news.trigofacile.com.crt as root CA in my certification storage.
No problem afterwards.
> Can someone help me please, or point me to solution?
Well, I do not know whether what I wrote could help you, but anyway,
better say it in case it helps.
--
Julien ÉLIE
« Pas question de faire voler un tapis volé ! » (Astérix)
More information about the inn-workers
mailing list