On 08/06/2008 Vincent Fox wrote:
> Did you have the CA for your Exchange box stored
> on the Perdition system? I recall at least on my RedHat
> boxes I had to put a copy in place, e.g.
> ssl_ca_file /etc/perdition/perdition.ca.pem

I did try copying the Exchange CA file to the perdition machine but I was lost
when trying to convert the key to the pem format. The debug showed me that I
was accessing the key, but the connection to the exchange server fell down.

> It is preferred to have the users connect to the
> open port (143) and then require TLS negotiation.
[ munch ]
For wireless devices too? In that scheme I guess the TLS negotiation happens
before the password is sent?
A little harder to config on the iPhones. They want SSL on 993. Then they fall
back to no SSL if the SSL validation fails. I don't think there is a way to
configure them for TLS.
Regs
-Dean
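
Added example, not part of the original message: shell functions that convert an exported CA certificate to PEM for the `ssl_ca_file` setting quoted above and check a backend on 993 and on 143 with STARTTLS against it. It assumes the export is a single X.509 certificate in DER or PEM form and that `openssl` is installed; the function names, the sample file name and the host argument are hypothetical.

```shell
#!/bin/sh
# Added example. Assumption: the CA was exported as one X.509 certificate,
# either DER (binary .cer) or PEM (base64 text).

# ca_to_pem SRC DST : write SRC to DST as a PEM certificate, whatever its encoding.
ca_to_pem() {
    src=$1; dst=$2
    if openssl x509 -in "$src" -inform PEM -noout 2>/dev/null; then
        openssl x509 -in "$src" -inform PEM -outform PEM -out "$dst"
    elif openssl x509 -in "$src" -inform DER -noout 2>/dev/null; then
        openssl x509 -in "$src" -inform DER -outform PEM -out "$dst"
    else
        echo "ca_to_pem: $src is not a PEM or DER X.509 certificate" >&2
        return 1
    fi
}

# ca_fingerprint PEMFILE : print the SHA-256 fingerprint, to compare the
# converted file with the certificate shown on the issuing system.
ca_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256
}

# verify_backend HOST CAFILE : confirm the backend's chain validates against
# CAFILE on 993 (implicit SSL) and on 143 after STARTTLS. HOST is caller-supplied.
verify_backend() {
    host=$1; ca=$2
    openssl s_client -connect "$host:993" -CAfile "$ca" \
        -verify_return_error </dev/null >/dev/null 2>&1 ||
        { echo "993: certificate verification failed" >&2; return 1; }
    openssl s_client -connect "$host:143" -starttls imap -CAfile "$ca" \
        -verify_return_error </dev/null >/dev/null 2>&1 ||
        { echo "143 STARTTLS: certificate verification failed" >&2; return 1; }
    echo "both ports verify against $ca"
}

# Usage (exchange-ca.cer is a hypothetical export name):
#   ca_to_pem exchange-ca.cer /etc/perdition/perdition.ca.pem
#   ca_fingerprint /etc/perdition/perdition.ca.pem
#   verify_backend <backend-host> /etc/perdition/perdition.ca.pem
```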