On 8/23/07, Nels Lindquist <[EMAIL PROTECTED]> wrote:
>
> Hi, all.
>
> I'm configuring a Cyrus IMAPD server for a number of virtual domains,
> and I'm concerned about a potential issue with SSL/TLS for the virtual
> hosts, which is that I can't find a way of specifying different
> certificates for
Hello again!
Goetz Babin-Ebell wrote:
> This question pops up occasionally in most lists concerning SSL.
>
> You can only use one certificate for one IP address / port pair.
>
> If you have several IP addresses on your host,
> you can run several instances of cyrus to listen on
> the different IP
>
> How much configuration similarity does there have to be between the
> different config files? Can I change anything except for the
> tls_[*]_file directives?
>
> Thanks very much for the information! I think this could work for us.
Make one master imapd.conf file with everything but the cert
Goetz Babin-Ebell wrote:
> This question pops up occasionally in most lists concerning SSL.
>
> You can only use one certificate for one IP address / port pair.
>
> If you have several IP addresses on your host,
> you can run several instances of cyrus to listen on
> the different IP addresses and
Nels Lindquist wrote:
> Hi, all.
Hello Nels,
> I'm configuring a Cyrus IMAPD server for a number of virtual domains,
> and I'm concerned about a potential issue with SSL/TLS for the virtual
> hosts, which is that I can't find a way of specifying dif
On Wed, 2004-01-14 at 19:03, Craig Ringer wrote:
> > He is - he's just using one signed by someone who was
> > signed by a known authority. Nothing needs to be installed in the
> > browser.
>
> OK - I must've misunderstood his initial email.
Yes, on re-reading my post after your initial messag
On Wed, 2004-01-14 at 16:05, Joe Rhett wrote:
> Use the exact same files for the web server as for the Cyrus mail server.
> They're both using the same library.
Well, in Apache I have the following, in addition to the usual
'SSLCertificateFile' and 'SSLCertificateKeyFile' directives:
SSLCertifi
Craig Ringer wrote:
That appears to depend on the client - it certainly doesn't work with
Mozilla, and Eudora needs some manual steps that the users seem to have
trouble with. OTOH, it _shouldn't_ work automatically; the cert is no
more inherently trustworthy than any random one somebody has gen
Joe Rhett wrote:
I expect that'd do it; you'll still need to install the CA certificate
in browsers, though. I have a similar setup, but with a CA cert
generated in-house.
No you don't. The server hands out both certificates during the
connection process. It just works ;-)
That appears to depend
On Mon, Jan 12, 2004 at 07:25:33PM -0800, Wil Cooley wrote:
> [Sorry this is a repost from a month ago; I didn't get an answer then,
> but maybe my timing is better now.]
>
> For my web server, I use a certificate from Comodo which is very
> inexpensive by comparison with Thawte/Verisign certs, bu
> I expect that'd do it; you'll still need to install the CA certificate
> in browsers, though. I have a similar setup, but with a CA cert
> generated in-house.
No you don't. The server hands out both certificates during the
connection process. It just works ;-)
> I then install the ca cert i
Wil Cooley wrote:
[Sorry this is a repost from a month ago; I didn't get an answer then,
but maybe my timing is better now.]
For my web server, I use a certificate from Comodo which is very
inexpensive by comparison with Thawte/Verisign certs, but it requires
installation of an intermediary key for
r all your help,
Lee
-Original Message-
From: Jeff Bert [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, May 22, 2002 8:53 PM
To: Lee Hoffman
Cc: 'Cyrus Mailing List'
Subject: RE: SSL/TLS
i looked in the compile notes for 2.0.16 and I think maybe you have
the option wrong... mayb
> To: 'Jeff Bert'; 'Ken Murchison'
> Cc: 'Cyrus Mailing List'
> Subject: RE: SSL/TLS
>
>
> So when I restart cyrus I get the same as jeff when I run netstat.
>
> I'm beginning to wonder if this may be a compile issue. I just tried
> recompi
c: 'Cyrus Mailing List'
Subject: RE: SSL/TLS
also, i'd do a 'netstat -an | grep 993' to see if anything is listening
on that port... i get:
tcp 0 0.0.0.0:993 0.0.0.0:* LISTEN
and my imaps port works.
Jeff
> -Original Message-
> From: J
Jeff Bert wrote:
> i only get the cyrus master line... try to get all that other crap off
>
> you running masquerading for a home pc?
>
> if you're running a firewall why don't you turn it off for a sec and test
> it. Also, i'm no tcp/ip guru but all that extra traffic on 993? get rid
> of it
ay, May 22, 2002 1:16 PM
> To: Lee Hoffman
> Cc: 'Cyrus Mailing List'
> Subject: RE: SSL/TLS
>
>
> maybe you should look in /etc/xinetd.d/ and see if there is an imaps
> file floating unwarranted in there. maybe some other process is
> intercepting
> it...
lf Of Ken Murchison
> Sent: Wednesday, May 22, 2002 12:35 PM
> To: Lee Hoffman
> Cc: 'Cyrus Mailing List'
> Subject: Re: SSL/TLS
>
>
>
>
> Lee Hoffman wrote:
> >
> > The log was already at local6.debug. When I try to login, no imapd -s
> > process
From: Ken Murchison [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, May 22, 2002 3:13 PM
To: Lee Hoffman
Cc: 'Cyrus Mailing List'
Subject: Re: SSL/TLS
Lee Hoffman wrote:
>
> I'm not sure if it's being caused by login attempts via ssl (although it
> seems to happen when I try to log
n if your
tried to do SSL/TLS and it wasn't compiled with it.
> -Original Message-
> From: Ken Murchison [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, May 22, 2002 3:13 PM
> To: Lee Hoffman
> Cc: 'Cyrus Mailing List'
> Subject: Re: SSL/TLS
>
> Lee Hoffman
If you have a running 'imapd -s', then do an strace on it to see what it
is doing.
Ken
> -Original Message-
> From: Ken Murchison [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, May 22, 2002 2:52 PM
> To: Lee Hoffman
> Cc: 'Cyrus Mailing List'
> Subject:
in /etc/services
Lee
-Original Message-
From: Ken Murchison [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, May 22, 2002 2:52 PM
To: Lee Hoffman
Cc: 'Cyrus Mailing List'
Subject: Re: SSL/TLS
Lee Hoffman wrote:
>
> When I run /usr/local/ssl/bin/openssl s_client -conne
Subject: Re: SSL/TLS
Lee Hoffman wrote:
>
> This is VERY weird!!! When I telnet into the mailserver on 993:
>
> Trying 127.0.0.1...
> Connected to localhost.
> Escape character is '^]'.
> . logout
> ^X
>
> No command works, yet it says that it's connected
Scratch that, that error prints out occasionally even when I'm not trying
to log in via ssl.
Lee
-Original Message-
From: Ken Murchison [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, May 22, 2002 2:52 PM
To: Lee Hoffman
Cc: 'Cyrus Mailing List'
Subject: Re: SSL/TLS
Lee Hof
Lee Hoffman wrote:
>
> When I run /usr/local/ssl/bin/openssl s_client -connect localhost:993
>
> The following is printed:
>
> CONNECTED(0003)
>
> Then it just hangs.
Check imapd.log for errors. Is "imaps" listed in /etc/services?
Ken
--
Kenneth Murchison Oceana Matrix Ltd.
Softw
Jeff Bert wrote:
> well i don't have a CA either but I found that i'd get a little
> more of a delay without those extra lines in there pointing
> the ca to the same file that contains the key/cert and
> some errors in the log file...
>
> did you try compiling cyrus-imapd without --with-openss
Hi Lee!
On Wed, 22 May 2002, Lee Hoffman wrote:
> This is VERY weird!!! When I telnet into the mailserver on 993:
You must speak SSL to port 993. Think of it as 'starttls'-less SSL.
--
"One disk to rule them all, One disk to find them. One disk to bring
them all and in the darkness grind
which expects an SSL negotiation to be
made as soon as the connection is opened. Try doing this instead:
openssl s_client -connect localhost:993
> -Original Message-
> From: Scott M Likens [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, May 22, 2002 2:41 AM
> To: Lee Hoffman; &
Lee Hoffman wrote:
>This is VERY weird!!! When I telnet into the mailserver on 993:
>
>Trying 127.0.0.1...
>Connected to localhost.
>Escape character is '^]'.
>. logout
>^X
>
>No command works, yet it says that it's connected! '. logout' does
>nothing, '. starttls' does nothing etc... I checked i
Lee Hoffman wrote:
> This is VERY weird!!! When I telnet into the mailserver on 993:
> No command works, yet it says that it's connected! '. logout' does
> nothing, '. starttls' does nothing etc...
The "Hacker Test" that floated around the net several years ago had the
two questions:
+++ Can yo
it sounds funny but in my 2.0.15 install I had STARTTLS
working without that configure option.
Jeff
> -Original Message-
> From: Lee Hoffman [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, May 22, 2002 7:41 AM
> To: 'Scott M Likens'; 'Jeff Bert'; [EMAIL PROTECT
From: Scott M Likens [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, May 22, 2002 2:41 AM
To: Lee Hoffman; 'Jeff Bert'; [EMAIL PROTECTED]
Subject: RE: SSL/TLS
*sigh*
Telnet to your imap port and please verify that the STARTTLS command
exists...
Easiest way to do that instead of doing . logout
> > + go ahead
> > C:
> > L01 OK User logged in
> > Authenticated.
> > Security strength factor: 0
> >
> > Any other ideas?
> >
> > Lee
> >
> >
> > -Original Message-
> > From: Jeff Bert [mailto:[EMAIL PROTECTED]]
>
Jeff Bert wrote:
> lastly, i remember I had to put in
>
> tls_ca_path:
> tls_ca_file:
>
> into imapd.conf to get it working... maybe you should try that
> first.. then try the re-compile.
While I am _far_ from an authority on this subject, I will add here that I
didn't need to have the "ca
-
> From: Lee Hoffman [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, May 21, 2002 9:59 PM
> To: 'Jeff Bert'; [EMAIL PROTECTED]
> Subject: RE: SSL/TLS
>
>
> Here is my imapd.conf:
>
> configdirectory: /var/imap
> partition-default: /var/spool/imap
> admins: admin
iginal Message-----
> From: Jeff Bert [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, May 22, 2002 12:28 AM
> To: Lee Hoffman; [EMAIL PROTECTED]
> Subject: RE: SSL/TLS
>
> did you add these to your imapd.conf:
>
> tls_ca_path: /path-to-ca-folder/
> tls_ca_file: /path-to-ca-fi
002 12:28 AM
To: Lee Hoffman; [EMAIL PROTECTED]
Subject: RE: SSL/TLS
did you add these to your imapd.conf:
tls_ca_path: /path-to-ca-folder/
tls_ca_file: /path-to-ca-file/
tls_cert_file: /path-to-cert-file/
tls_key_file: /path-to-key-file/
?
> -Original Message-
> From: [EMAIL P
also, you should use:
# imtest -t "" -u lee -a lee -r server-name.com servername.com
Jeff
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Lee Hoffman
> Sent: Tuesday, May 21, 2002 8:21 PM
> To: [EMAIL PROTECTED]
> Subject: SSL/TLS
>
>
> Hey all,
did you add these to your imapd.conf:
tls_ca_path: /path-to-ca-folder/
tls_ca_file: /path-to-ca-file/
tls_cert_file: /path-to-cert-file/
tls_key_file: /path-to-key-file/
?
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Lee Hoffman
> Sent: Tuesday
> Here is the output from imtest:
>
> Server-name:~# imtest -t "" -u lee server-name.com
try to
imtest -t "" -a lee server-name.com
On Wed, 2002-05-22 at 10:20, Lee Hoffman wrote:
> Hey all,
> I'm trying to get SSL/TLS working on cyrus 2.0.16. I followed the
> instructions to a "T" to cr
40 matches