[prev in list] [next in list] [prev in thread] [next in thread]
List: mozilla-crypto
Subject: Re: simap client authentication
From: Bert Koelewijn <bertkoelewijn () brouwervanveen ! nl>
Date: 2003-07-02 7:12:22
[Download RAW message or body]
It's working very nice! I'm using -v 2 and our CA Cert.
THANKS!
Roland Dirlewanger wrote:
> Bert Koelewijn wrote:
>
>> is it possible with mozilla to present a client certificate to a simap
>> server? I'm using stunnel to do imap over ssl and want mozilla to
>> authenticate with a certificate.
>
>
> Mozilla won't present a certificate if the server doesn't explicitly
> require it. So, the configuration has to be done on the server's side.
>
> For stunnel, just use the "-v 3" option.
>
> Currently, I use the following arguments to stunnel (3.22) to do this
>
> /usr/sbin/stunnel -l /usr/sbin/imapd \
> -p /usr/share/ssl/certs/imapd.pem \
> -a /usr/share/ssl/trusted -v 3 -S 0 \
> -A /etc/httpd/conf/ssl.crt/ca-bundle.crt
>
> The /usr/share/ssl/trusted is a directory containing the list of
> certificates (in PEM format) of the users authorized to access to the
> IMAP server. If their certificate is present in this directory, the
> access is granted. Otherwise, the access is forbidden. This means that
> you have to update each certificate in this directory every time it is
> renewed.
>
> Note that the users will have to type a login and password anyway.
>
> Hope this helped.
>
> Roland.
>
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic