LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices



Reply
 
Search this Thread
Old 10-02-2003, 05:16 PM   #1
gr33ndata
Member
 
Registered: Aug 2003
Location: DMZ
Distribution: Ubuntu
Posts: 144

Rep: Reputation: 15
Certificate with OpenSSL


Hmmmm
I wanted to encrypt/sign my emails in outlook

So I made myself a self signed root certificate with linux/openssl
openssl req command:
"openssl genrsa -out key.pem 1024"
"openssl req -x509 -newkey rsa:1024 -keyout key.pem -out req.crt"

And then added it in my windows trusted certificate

Later in outlook i tried to sign/encryp a mail with it (S/MIME)
I received the following error:
"Microsoft Outlook had problems encrypting the message because the following recepients had missing or invalid certificates, or conflicting or unsupported encryption capabilities"

So I trued to send it signed (without encryption), and I received that error:
"An error occured in the underlying security system"

Can anyone help.
Thanks
 
Old 10-03-2003, 12:20 AM   #2
Donboy
Member
 
Registered: Aug 2003
Location: Little Rock, Arkansas
Distribution: RH, Fedora, Suse, AIX
Posts: 736

Rep: Reputation: 31
You'll have to let us know what sort of MTA you're using. Qmail? Postfix? You mentioned Outlook is your mail reader and that's kind of the opposite end of where you should be working. You have to work on the server side and get that setup for sending and receiving mail using SSL. Only problem is, it doesn't work like that.

If you want to secure qmail (for example) with a SSL certificate, it's not going to work. You'd have to use an SSL tunnel and pipe your secure mail through another port. I'd really like to do this myself and I'm looking for good tutorials on how to do it, but I'm not finding much. I've looked at www.stunnel.org but I'm having trouble following it myself.

Now on the other hand, if you're wanting to use a web-based email client like Squirrel mail or Webmail, you can SSL enable this using your OpenSSL certificate and configuring your web server to use SSL for this connection. I just finished doing that yesterday night, so I'm pretty familiar with how its done. I used Apache and got a authorized certificate free for 6 months from http://certs.ipsca.com.

The only problem with this is you'll have to depend on your users to use an HTML based email reader for all of their mail, otherwise it's not SSL enabled. POP3 and SMTP would need to be SSL enabled using STunnel or by some similar means.
 
Old 10-03-2003, 03:01 AM   #3
gr33ndata
Member
 
Registered: Aug 2003
Location: DMZ
Distribution: Ubuntu
Posts: 144

Original Poster
Rep: Reputation: 15
Hmmm
What you are talking about is securing the mail between me and the server
Ain't there something so I can secure it from End to End ?
Ie. I send my mail encrypted, and only the resepients who will be able to decrypt it ?
Also about the signature, what kind of error was that that came to me ?
 
Old 10-03-2003, 08:39 AM   #4
Donboy
Member
 
Registered: Aug 2003
Location: Little Rock, Arkansas
Distribution: RH, Fedora, Suse, AIX
Posts: 736

Rep: Reputation: 31
Hmmm... well, I'm probably out of my league now, because I haven't done anything like this before. Try searching for something called PGP which is something you can use to encrypt data for sending over the wire. Or maybe if somebody else here can reply with a more informed explanation, cause I don't know much about it.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Openssl - verify wheather certificate is revoked djgerbavore Linux - Security 1 11-21-2005 08:20 AM
How to create OpenSSL certificate for use in IIS 6.0 Pastorino Linux - Security 3 09-23-2005 08:50 AM
why can't i generate a new certificate with openssl? achouramira Linux - Security 1 04-28-2005 08:15 AM
OpenSSL + Apache certificate, how? The_Nerd Linux - Software 2 12-26-2004 10:18 PM
Thawte Certificate and OpenSSL jqcaducifer Linux - Security 5 10-16-2003 07:43 PM


All times are GMT -5. The time now is 04:19 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration