[imp] Cert Verification imap ssl

Craig A Lewis clewis@math.unm.edu
Wed, 17 Jul 2002 12:34:01 -0700 (MST)


Hello,

Thank you so much for the help. The path that you build into
php for openssl was not, in our case, the path to the directory
tree where the certs directory of server certificates is, due to
an unusual software package management system we use.

Thus I have fixed my problem.  Thank you again.



 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
[_X_X_X_X_X_X_X_X_X_X_X_X_X_X_X_X_X_X_X_X_X_X_X_X_X_X_X_]

Craig Lewis     505 277 6068      help@math.unm.edu
UNIVERSITY OF NEW MEXICO MATHEMATICS AND STATISTICS
COMPUTER SYSTEMS SUPPORT
Humanities Building Office 415
Albuquerque, NM 87131

On Wed, 17 Jul 2002, Cliff Green wrote:

> Quoting Craig A Lewis <clewis@math.unm.edu>:
>
> >
> > Hello,
> >
> > No, I am not using a self signed cert; sorry I should have
> > made that clearer. Our email clients use imaps and we
> > are using a thawte.com cert.
>
> Your local clients (Communicator, etc.) already have Thawte's signing cert
> in their store, your imp/horde server doesn't.
>
> You need to let openssl (and by extension PHP) know to trust your cert.
> Unless you have Thawte's current signing cert in your openssl certs
> directory (which it sounds like you don't), try this:
>
> 1) Copy the cert in PEM format into the OpenSSL certs directory on your
> horde/imp server (for me that's either in /usr/local/ssl/certs or
> /usr/share/ssl/certs - YMMV)
> 2) run c_hash against it (you should find c_hash in /usr/local/ssl/misc or
> /usr/share/ssl/misc) to generate the hash id for your cert
> 3) create a symbolic link from the pem file to the hash (e.g.: "ln -s
> my_servers_imapd.pem 7d6f554a.0") so openssl can find it
> 4) use "'protocol' => 'imap/ssl'" in imp/config/servers.php
>
> I've done this with five of our "private-label" certs, and it works as expected.
>
> (PS - you might check to see if the appropriate root cert from Thawte isn't
> in the ca-bundle.crt file that comes with OpenSSL;  if it is, you may be
> able to get away with just creating the hash for that.)
>
> c
> --
> Cliff Green
> Academic Computing Services - UMDNJ
> Signature under NDA
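
Steps 1 to 3 of the quoted procedure, plus a check of which certs directory the local `openssl` binary was built to use, written as a shell example added to this archive page; it is not part of the original thread. The function names are hypothetical, and it assumes the `openssl` command-line tool is on the PATH and that `openssl x509 -hash` yields the value `c_hash` reports.

```sh
#!/bin/sh
# Added example; directory and file names passed in are the caller's assumptions.

# Directory the openssl CLI was compiled to use. PHP may be linked against a
# different OpenSSL build, so its default path can differ from this one.
openssl_dir() {
    openssl version -d | sed -e 's/^OPENSSLDIR: *"//' -e 's/"$//'
}

# install_cert PEM_FILE CERT_DIR
# Copies the cert into CERT_DIR, links <subject-hash>.<n> to it, prints the link name.
install_cert() {
    pem=$1; dir=$2
    # Same value c_hash reports; fails if the file is not a PEM X.509 cert.
    hash=$(openssl x509 -noout -hash -in "$pem") || return 1
    fp=$(openssl x509 -noout -fingerprint -sha256 -in "$pem") || return 1
    base=$(basename "$pem")
    [ -f "$dir/$base" ] || cp "$pem" "$dir/$base" || return 1
    n=0
    # Different subjects can share a hash, so take the first free suffix.
    while [ -e "$dir/$hash.$n" ] || [ -L "$dir/$hash.$n" ]; do
        other=$(openssl x509 -noout -fingerprint -sha256 -in "$dir/$hash.$n" 2>/dev/null) || other=
        if [ "$other" = "$fp" ]; then
            echo "$hash.$n"      # already installed, nothing to do
            return 0
        fi
        n=$((n + 1))
    done
    (cd "$dir" && ln -s "$base" "$hash.$n") || return 1
    echo "$hash.$n"
}

# trusted_in CERT_FILE CERT_DIR: succeeds only if openssl reports the cert as OK
# when given CERT_DIR as its hashed certificate directory.
trusted_in() {
    openssl verify -CApath "$2" "$1" 2>/dev/null | grep -q ': OK$'
}

if [ "$#" -eq 2 ]; then
    install_cert "$1" "$2" && trusted_in "$1" "$2" && echo "verified via $2"
fi
```

If `openssl_dir` prints a location other than the one the certificates were copied into, the hash links will not be found by default, which is the situation described at the top of this message.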