On Sun, 23 Sep 2007, Timothy Murphy wrote:
> (1) I suspect the problem lies with authentication.
> But how can I test this?
>From past experience (but also came up as #1 when googling "testing
IMAPS" w/o quotes) you should use:
openssl s_client -connect servername:993
If your dovecot does TLS negotiation [not sure if it's the default], you
may also want to use/try:
openssl s_client -starttls imap -connect servername:143
(Caveat: -starttls only supported "smtp" and "pop3" on my
system
[OpenSSL 0.9.8d on Gentoo]. Don't know what the defaults are.)
993/143 can be replaced by imaps/imaps or whatever your ports are.
openssl s_client is a generally-useful tool for SSL/TLS testing
(SMTPS/HTTPS/IMAPS/etc.).
> (2) [ skipping kmail question ]
>
> (3) I guess I don't understand exactly how TLS authentication works.
> Does installing openssl set up the correct certificates
> on server and client?
I had a really hard time with this myself, and I felt like I knew what I
was doing. There are HOWTO's to setup the server-side self-signed
certificates, but for the client-side setup, I went through much of:
Pine+OpenSSL HOWTO - http://www.madboa.com/geek/pine-ssl/
Some(/many?) of the sections are specific to Pine, the email client. But,
any of the sections with openssl commands are generally useful (and, I
think, well-explained).
> Is there any documentation on this?
For the server-side:
http://wiki.dovecot.org/SSL
http://wiki.dovecot.org/SSL/CertificateCreation
http://wiki.dovecot.org/SSL/DovecotConfiguration
The Apache SSL/TLS documentation linked-to from that page [/SSL] looks
good:
http://httpd.apache.org/docs/2.2/ssl/ssl_intro.html
Best,
Ben