* Joyce, Matthew (MJoyce@ccia.org.au) [030501 22:23]:
>
> Hi,
>
> I have a woody/apache-ssl/imp webmail system, which has been working fine.
> This week I have been playing with stunnel on that machine and now my mac
> users cannot connect to the webmail.
> "the certificate is invalid"
>
> When I try using a PC I am offered to accept/decline/view the cert, this is
> normal, and it still works if I accept.
> The same thing used to happen on the Macs.
>
> Any ideas what I have done, and how I can fix it?

Well, here's an idea, but I'm not sure it'll work for your particular case (I've never tested IE/mac's behavior).

For my own certs, I have created a CA keypair, and all of my certs are signed by that key. I made the CA's cert available for download and instructed my clients to go to that URL and tell their browser to accept the cert and use it to certify web servers. Now, whenever they use any of my ssl services signed by my CA key, they don't get hassled any more than if I was using a verisign cert (no errors, no warnings, it just works).

If you want to test to see if this approach will work before going through the process of creating the CA and re-creating certs for your https service, you can try to see what happens with that browser at http://doorstop.net/ca.crt

If it asks you if you want to accept the cert, then it should work. I've tested it with IE/win, mozilla/win and mozilla/linux.

After accepting the CA cert once, all of the signed certs just work for https, imap/ssl, etc. Anything that uses the same certificate store on the client will be happy. That means do it once in your mozilla browser, and it just works for mozilla mail. Do it in IE, and it works in outlook and OE (and various 3rd-party apps that use IE's security stores).

good times,
Vineet
--
http://www.doorstop.net/
--
--Nick Moffitt
A: No.
Q: Should I include quotations after my reply?
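The private-CA approach described in the reply above, sketched with the openssl command line as an added example that is not part of the original message. The CA name, the host name webmail.example.test and the file names are constructed placeholders; it shows the signed cert verifying once the CA cert is trusted and being rejected when it is not.

```shell
#!/bin/sh
# Added example: private CA plus a CA-signed server cert (placeholder names throughout).

make_ca_and_cert() {   # $1 = working directory
    dir=$1
    cat > "$dir/o.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_srv]
basicConstraints = CA:FALSE
subjectAltName = DNS:webmail.example.test
EOF
    # 1. Self-signed CA certificate; ca.key stays on the signing host.
    openssl req -x509 -newkey rsa:2048 -nodes -config "$dir/o.cnf" \
        -extensions v3_ca -subj "/CN=Example Private CA" -days 30 \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || return 1
    # 2. Server key and certificate signing request.
    openssl req -new -newkey rsa:2048 -nodes -config "$dir/o.cnf" \
        -subj "/CN=webmail.example.test" \
        -keyout "$dir/srv.key" -out "$dir/srv.csr" 2>/dev/null || return 1
    # 3. The CA signs the request; the result is marked as a non-CA leaf.
    openssl x509 -req -in "$dir/srv.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
        -CAcreateserial -extfile "$dir/o.cnf" -extensions v3_srv -days 30 \
        -out "$dir/srv.crt" 2>/dev/null
}

# What a client sees after importing ca.crt: the chain verifies.
verify_with_ca() { openssl verify -CAfile "$1/ca.crt" "$1/srv.crt" >/dev/null 2>&1; }

# What a client sees without it: no trusted issuer, so the cert is rejected.
verify_without_ca() { openssl verify -no-CAfile -no-CApath "$1/srv.crt" >/dev/null 2>&1; }

# Fingerprint to publish over a separate channel so clients can check the
# downloaded ca.crt before trusting it.
ca_fingerprint() { openssl x509 -in "$1/ca.crt" -noout -fingerprint -sha256; }

d=$(mktemp -d) && make_ca_and_cert "$d" && verify_with_ca "$d" && echo "trusted via private CA"
verify_without_ca "$d" || echo "rejected without the CA cert installed"
ca_fingerprint "$d"
```

Only ca.crt is handed to clients; ca.key can sign a certificate for any host name those clients will then accept.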