LinuxQuestions.org


gr33ndata 10-02-2003 05:16 PM

Certificate with OpenSSL
 
Hmmmm
I wanted to encrypt/sign my emails in Outlook

So I made myself a self-signed root certificate with Linux/OpenSSL
openssl req command:
"openssl genrsa -out key.pem 1024"
"openssl req -x509 -newkey rsa:1024 -keyout key.pem -out req.crt"

And then added it to my Windows trusted certificates

Later in Outlook I tried to sign/encrypt a mail with it (S/MIME)
I received the following error:
"Microsoft Outlook had problems encrypting the message because the following recepients had missing or invalid certificates, or conflicting or unsupported encryption capabilities"

So I tried to send it signed (without encryption), and I received this error:
"An error occured in the underlying security system"

Can anyone help?
Thanks

Donboy 10-03-2003 12:20 AM

You'll have to let us know what sort of MTA you're using. Qmail? Postfix? You mentioned Outlook is your mail reader and that's kind of the opposite end of where you should be working. You have to work on the server side and get that set up for sending and receiving mail using SSL. Only problem is, it doesn't work like that.

If you want to secure qmail (for example) with an SSL certificate, it's not going to work. You'd have to use an SSL tunnel and pipe your secure mail through another port. I'd really like to do this myself and I'm looking for good tutorials on how to do it, but I'm not finding much. I've looked at www.stunnel.org but I'm having trouble following it myself.

Now on the other hand, if you're wanting to use a web-based email client like SquirrelMail or Webmail, you can SSL-enable this using your OpenSSL certificate and configuring your web server to use SSL for this connection. I just finished doing that yesterday night, so I'm pretty familiar with how it's done. I used Apache and got an authorized certificate free for 6 months from http://certs.ipsca.com.

The only problem with this is you'll have to depend on your users to use an HTML based email reader for all of their mail, otherwise it's not SSL enabled. POP3 and SMTP would need to be SSL enabled using STunnel or by some similar means.

gr33ndata 10-03-2003 03:01 AM

Hmmm
What you are talking about is securing the mail between me and the server.
Ain't there something so I can secure it from end to end?
I.e. I send my mail encrypted, and only the recipients will be able to decrypt it?
Also, about the signature, what kind of error was that that came to me?
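
The end-to-end model asked about above (sign with the sender's private key, encrypt to the recipient's certificate so only the recipient's private key can open it), shown with OpenSSL's own S/MIME tool. This is an added example, not part of the original thread; the names, addresses, file names and PKCS#12 password are constructed, and -addext assumes OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example (constructed): names, addresses and the message are made up.

# mkid <name> <email>: self-signed certificate marked for e-mail protection
mkid() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
    -keyout "$1.key" -out "$1.crt" -subj "/CN=$1" \
    -addext "subjectAltName=email:$2" \
    -addext "extendedKeyUsage=emailProtection" 2>/dev/null
}

# smime_roundtrip <text>: alice signs and encrypts to bob; bob decrypts and
# verifies. Prints the text bob recovered; non-zero status on any failure.
smime_roundtrip() (
  dir=$(mktemp -d) && cd "$dir" || exit 1
  trap 'rm -rf "$dir"' EXIT
  mkid alice alice@example.test &&
  mkid bob bob@example.test &&
  printf '%s\n' "$1" > msg.txt &&
  # Signing uses the SENDER's private key.
  openssl smime -sign -in msg.txt -signer alice.crt -inkey alice.key \
    -out signed.eml &&
  # Encrypting uses only the RECIPIENT's certificate (public key).
  openssl smime -encrypt -aes256 -in signed.eml -out sealed.eml bob.crt &&
  # Recipient side: only bob's private key opens the message ...
  openssl smime -decrypt -in sealed.eml -recip bob.crt -inkey bob.key \
    -out opened.eml &&
  # ... and alice's certificate, trusted here directly, checks the signature.
  openssl smime -verify -in opened.eml -CAfile alice.crt \
    -out plain.txt 2>/dev/null &&
  # A mail client that signs needs key and certificate together; PKCS#12 is
  # that bundle. The .crt file alone carries no private key.
  openssl pkcs12 -export -inkey alice.key -in alice.crt -out alice.p12 \
    -passout pass:constructed-example &&
  tr -d '\r' < plain.txt   # S/MIME canonicalises line ends to CRLF
)

smime_roundtrip "constructed test message"
```

Each correspondent needs the other's certificate before encrypted mail can be exchanged, which is why a signed message is normally sent first.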

Donboy 10-03-2003 08:39 AM

Hmmm... well, I'm probably out of my league now, because I haven't done anything like this before. Try searching for something called PGP, which is something you can use to encrypt data for sending over the wire. Or maybe if somebody else here can reply with a more informed explanation, 'cause I don't know much about it.

