IncludeCertTestImap < CF

CF Web>CertMaintenanceCollapsed>IncludeCertTestImap (2013-07-08, AdrianPepper) (raw view)

---+ Test SSL Imap Connection
<!-- <pre>
    // IncludeCertTestImap
    // 
    // (Aside: TWiki H1 style is not nice)
    // 
    // This page was primarily designed for inclusion where necessary,
    // but might work well stand-alone, especially with the careful use of
    // the STARTINCLUDE and STOPINCLUDE "variables" which allow a header
    // and footer, although not generalized creation of differences in
    // included and non-included forms.
    // 
    // Note the line after STARTINCLUDE.
    // The CFADRIANGADGETINCLUDE variable renders as a link which 
    // makes it easy for a reader to get to the inclusion to edit it,
    // although the rendered presentation does not seem fully intuitive yet.
    //
</pre>-->
To see how this inclusion page fits in with similar ones, perhaps see one of
   * CertMaintenanceCollapsed
   * CertificateUpdates
---
<!-- Bah!  You don't seem to be able to have multiple STOP/STARTINCLUDE -->
%STARTINCLUDE%
---++ Testing a Recently Changed Mail Server Certificate
%CFADRIANGADGETINCLUDE%
    It is not easy to check what certificate is being presented using
    the *[[ThunderBird]]* mail client.   

    However, you should verify that both host certificate and the 
    _OrganizationSSL Intermediate Root Certificate_
    have been installed correctly.
    *[[ThunderBird]]* will show you the chain of certificates.

    You can ensure *[[ThunderBird]]* gets the certificates from the mail server
    by creating a new, empty profile using

<pre>
    arpepper@cscfpc20:~$ thunderbird -no-remote -ProfileManager
</pre>

    Choose "Create Profile" and then complete the one-step wizard to
    create a new empty profile (you just need to choose a name).
    Then click on that profile to start a session using it.
    You will be asked to set up an account.
    When asked for imap and smtp server, enter a version of the name
    which will not actually match the full name in the certificate
    you wish to test.
    For example, enter just *plg.cs*
    instead of *plg.cs.uwaterloo.ca*.
    If the host uses *imaps* and not *TLS* under *imap* the profile
    will fail initially, and you will need to find and click
    [View settings for this account] and [Server Settings] and  change
    the connection type to *SSL*.
    If you then click on *Inbox*,
    you should get a warning about the name mismatch, in a dialog
    box which allows you to [View Certificate].

       [Details]

    should show you the Intermediate Certificate as
    _GlobalSign Organization Validation CA_; you should be able to
    confirm its validity dates  (Although the procedure is a little painful).
    There does not appear to be any way to save or export any of the
    certificates.

    Although this facility should remain available in future
    *[[ThunderBird]]*, details of the interface will probably change.

    For tidiness, you probably want to immediately delete your new
    profile using the dialog generated by:
<pre>
    arpepper@cscfpc20:~$ thunderbird -no-remote -ProfileManager
</pre>
    and then selecting it for [Delete].

%STOPINCLUDE%

---++ Using openssl command to check Mail Server Certificates

%INCLUDE{IncludeCertTestOpenssl}%


---

%INCLUDE{CF.IncludeAdrianReferers}%


-- Main.AdrianPepper - 2013-Jul-08

Topic revision: r6 - 2013-07-08 - AdrianPepper

Information in this area is meant for use by CSCF staff and is not official documentation, but anybody who is interested is welcome to use it if they find it useful.

Other Webs

My links
- People
- CERAS
- WatForm
- Tetherless lab
- Ubuntu Main.HowTo
- eDocs
- RGG NE notes
- RGG
- CS infrastructure
- Grad images

Edit