Imap Blues - RH9 - ipop3d

Hi,

I am trying to setup Imap capabilities on my server, jungleg.com hosted at linode.

I setup the UW-Imap application, generated the keys using openssl, and have it set to listen on port 995. (I followed this tutorial http://www.vanemery.com/Protocols/POP/p … howto.html">http://www.vanemery.com/Protocols/POP/pop3-rh9-howto.html)

I try to access it from Thunderbird, and I get an error "could not get access because certificate is invalid or corrupted".

This is the dialog I am getting from a remote location, thanks for any direction!!!

fetchmail: 6.2.0 querying www.jungleg.com (protocol IMAP) at Sat Mar 12 15:16:04 2005: poll started

fetchmail: Issuer Organization: JungleG Inc.

fetchmail: Issuer CommonName: www.jungleg.com

fetchmail: Server CommonName: www.jungleg.com

fetchmail: www.jungleg.com key fingerprint: 33:54:20:E3:41:0A:37:A8:CB:39:62:F5:89:97:EE:EA

fetchmail: Warning: server certificate verification: self signed certificate

fetchmail: Issuer Organization: JungleG Inc.

fetchmail: Issuer CommonName: www.jungleg.com

fetchmail: Server CommonName: www.jungleg.com

fetchmail: Warning: server certificate verification: certificate signature failure

fetchmail: Issuer Organization: JungleG Inc.

fetchmail: Issuer CommonName: www.jungleg.com

fetchmail: Server CommonName: www.jungleg.com

fetchmail: Warning: server certificate verification: certificate signature failure

fetchmail: IMAP< +OK POP3 li7-233.members.linode.com v2001.78rh server ready

fetchmail: IMAP> A0001 CAPABILITY

fetchmail: IMAP< -ERR Unknown AUTHORIZATION state command

fetchmail: IMAP< -ERR Autologout; idle for too long

fetchmail: Unknown login or authentication error on jorescobar@jungleg.com

fetchmail: socket error while fetching from www.jungleg.com

fetchmail: 6.2.0 querying www.jungleg.com (protocol IMAP) at Sat Mar 12 15:19:04 2005: poll completed

fetchmail: Query status=2 (SOCKET)

fetchmail: normal termination, status 2

3 Replies

After wasting weeks tryng to get IMAP installed (sasl authorisation errors), I downloaded http://www.dovecot.org/ and got IMAP working in an hour.

jungleg: Your certificate is self-signed. That alone will cause a lot of programs to at least ask the user whether or not to accept it. I don't know how Thunderbird works but somewhere there'll probably be an option to let you accept invalid or suspect SSL certificates - turn it on and then when you use it on your server, accept the certificate. Hopefully it should work then.

I found this guide http://hublog.hubmed.org/archives/001075.html helpful in setting up SSL.

You need to first generate a root CA certificate.

This then signs certs for various services.

The root cert needs to be installed on client computers in order avoid the nasty invalid cert error.

I haven't used thunderbird, but you should be able to browse to the ca.crt root CA certificate generated using firefox and it will give the option of installing it for mail purposes.

I have self signed a root cert and I'm currently using it for a OSX client (Entourage) and Outlook2003 on XP.

In XP you can doubleclick the ca.crt file to install.

I can't remember exactly how I did the OSX install, a bit trickier had to use some x509_auth or some such program to get the keychain to accept.

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct