[prev in list] [next in list] [prev in thread] [next in thread] 

List:       mozilla-crypto
Subject:    Re: simap client authentication
From:       Bert Koelewijn <bertkoelewijn () brouwervanveen ! nl>
Date:       2003-07-02 7:12:22
[Download RAW message or body]

It's working very nice! I'm using -v 2 and our CA Cert.

THANKS!

Roland Dirlewanger wrote:

> Bert Koelewijn wrote:
> 
>> is it possible with mozilla to present a client certificate to a simap 
>> server? I'm using stunnel to do imap over ssl and want mozilla to 
>> authenticate with a certificate.
> 
> 
> Mozilla won't present a certificate if the server doesn't explicitly 
> require it. So, the configuration has to be done on the server's side.
> 
> For stunnel, just use the "-v 3" option.
> 
> Currently, I use the following arguments to stunnel (3.22) to do this
> 
> /usr/sbin/stunnel -l /usr/sbin/imapd \
>   -p /usr/share/ssl/certs/imapd.pem  \
>   -a /usr/share/ssl/trusted -v 3 -S 0 \
>   -A /etc/httpd/conf/ssl.crt/ca-bundle.crt
> 
> The /usr/share/ssl/trusted is a directory containing the list of 
> certificates (in PEM  format) of the users authorized to access to the 
> IMAP server. If their certificate is present in this directory, the 
> access is granted. Otherwise, the access is forbidden. This means that 
> you have to update each certificate in this directory every time it is 
> renewed.
> 
> Note that the users will have to type a login and password anyway.
> 
> Hope this helped.
> 
> Roland.
> 

[prev in list] [next in list] [prev in thread] [next in thread]