Free/Busy with OL03 and toltec 2.0
Martin Konold
martin.konold at erfrakon.de
Thu Aug 11 19:31:31 CEST 2005
Am Donnerstag 11 August 2005 17:22 schrieb Joon Radley:
Hi Joon,
> The free busy is done by Outlook itself.
Thanks for the insight.
> The root certificate is not
> installed and when the OL code fails to validate the server certificate it
> fails silently.
Basically this means that it is recommended to import the root certificate of
the CA which Kolab uses for signing the certficates into the windows SSL CA
store.
IIRC this is best achieved when exporting the current public part of the CA
using
openssl x509 -in ca.pem -outform DER -out ca.der
and then offering it via
http://kolab.tld/admin/ca/ca.der
and the mime-type
application/x-x509-ca-cert .
We then would advice the user to import the ca.der by clicking on the above
URL from within IE.
I therefore propose that we add the above service offering the ca.der to Kolab
HEAD and maybe Kolab 2.1.
In addition I think that other browsers on the windows platform like Firefox
or Opera implement their own store for CA certificates which are of no use
for Outlook freebusy purposes.
> The Toltec Connector use OpenSSL for the IMAP4 encryption that works very
> well with the self signed certificate generated by the Kolab server for the
> Cyrus-IMAP server.
Is there any way to make sure that Toltec does not accept any self signed
certificate?
Yours,
-- martin
--
http://www.erfrakon.com/
Erlewein, Frank, Konold & Partner - Beratende Ingenieure und Physiker
More information about the users
mailing list