Free/Busy with OL03 and toltec 2.0

Martin Konold martin.konold at erfrakon.de
Thu Aug 11 19:31:31 CEST 2005


Am Donnerstag 11 August 2005 17:22 schrieb Joon Radley:

Hi Joon,

> The free busy is done by Outlook itself.

Thanks for the insight.

> The root certificate is not 
> installed and when the OL code fails to validate the server certificate it
> fails silently.

Basically this means that it is recommended to import the root certificate of 
the CA which Kolab uses for signing the certficates into the windows SSL CA 
store.

IIRC this is best achieved when exporting the current public part of the CA 
using 

	openssl x509 -in ca.pem -outform DER -out ca.der

and then offering it via 

	http://kolab.tld/admin/ca/ca.der 

and the mime-type 

	application/x-x509-ca-cert .

We then would advice the user to import the ca.der by clicking on the above 
URL from within IE.

I therefore propose that we add the above service offering the ca.der to Kolab 
HEAD and maybe Kolab 2.1.

In addition I think that other browsers on the windows platform like Firefox 
or Opera implement their own store for CA certificates which are of no use 
for Outlook freebusy purposes.

> The Toltec Connector use OpenSSL for the IMAP4 encryption that works very
> well with the self signed certificate generated by the Kolab server for the
> Cyrus-IMAP server.

Is there any way to make sure that Toltec does not accept any self signed 
certificate?

Yours,
-- martin

-- 
http://www.erfrakon.com/
Erlewein, Frank, Konold & Partner - Beratende Ingenieure und Physiker




More information about the users mailing list