Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

imap_ssl_cert(7) [debian man page]

IMAP_SSL_CERT(7)					User Contributed Perl Documentation					  IMAP_SSL_CERT(7)

NAME

       imap_ssl_cert - connects to an IMAP server using SSL and saves the server certificate into a .pem file

SYNOPSIS

	imap_ssl_cert -H imap.server.com > server_ca_file.pem
	imap_ssl_cert -?
	imap_ssl_cert --help

DEPENDENCIES

       This utility requires the following perl modules to be installed:

       Getopt::Long Mail::IMAPClient IO::Socket::SSL Net::SSLeay

OPTIONS

       --timeout <seconds>
	   Abort with critical status if it takes longer than <seconds> to connect to the IMAP server. Default is 60 seconds.  The difference
	   between timeout and critical is that, with the default settings, if it takes 45 seconds to connect to the server then the connection
	   will succeed but the plugin will return CRITICAL because it took longer than 30 seconds.  Also known as: -t <seconds>

       --hostname <server>
	   Address or name of the IMAP server. Examples: mail.server.com, localhost, 192.168.1.100 Also known as: -H <server>

       --port <number>
	   Service port on the IMAP server. Default is 143. If you use SSL, default is 993.  Also known as: -p <number>

       --verbose
	   Display additional information. Useful for troubleshooting.

	   Also known as: -v

       --version
	   Display plugin version and exit.  Also known as: -V

       --help
	   Display this documentation and exit.  Also known as: -h

       --usage
	   Display a short usage instruction and exit.

EXAMPLES

   Print the server's SSL certificate chain
	$ perl imap_ssl_cert.pl -H imap.server.com > ca_file.pem
	$ cat ca_file.pem

	-----BEGIN CERTIFICATE-----
	MIID1zCCAr+gAwIBAgIQPr3bVk0SkuXygjxgA7EVGDANBgkqhkiG9w0BAQUFADA8
	[...snip...]
	0FF4warjskrfqaVtWeIV58LJheaM4cPJkc2M
	-----END CERTIFICATE-----

	$ openssl x509 -in ca_file.pem -text

SEE ALSO

       http://en.wikipedia.org/wiki/X.509 http://en.wikipedia.org/wiki/Privacy_Enhanced_Mail http://tools.ietf.org/html/rfc1422
       http://search.cpan.org/~mikem/Net-SSLeay-1.42/lib/Net/SSLeay.pm
       http://search.cpan.org/~plobbes/Mail-IMAPClient-3.29/lib/Mail/IMAPClient.pod

CHANGES

	Fri Nov 11 03:38:13 AST 2011
	+ version 0.1

AUTHOR

       Jonathan Buhacoff <jonathan@buhacoff.net>

COPYRIGHT AND LICENSE

	Copyright (C) 2011 Jonathan Buhacoff

	This program is free software; you can redistribute it and/or modify
	it under the terms of the GNU General Public License as published by
	the Free Software Foundation; either version 3 of the License, or
	(at your option) any later version.

	This program is distributed in the hope that it will be useful,
	but WITHOUT ANY WARRANTY; without even the implied warranty of
	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
	GNU General Public License for more details.

	You should have received a copy of the GNU General Public License
	along with this program.  If not, see <http://www.gnu.org/licenses/>.

	http://www.gnu.org/licenses/gpl.txt

perl v5.14.2							    2012-07-02							  IMAP_SSL_CERT(7)

Check Out this Related Man Page

CIPUX_MKCERTKEY(1p)					User Contributed Perl Documentation				       CIPUX_MKCERTKEY(1p)

NAME

       cipux_mkcertkey - simple script to generate certificate for stunnel

VERSION

       version 3.4.0.0

SYNOPSIS

	       cipux_mkcertkey

REQUIRED ARGUMENTS

       None.

ABSTRACT

       In order to add security to your XML-RPC server you should generate a certificate. This script shows a simple method to do that. You have
       to take the responsibility by yourself to make sure you understand what you do.

DESCRIPTION

       Generates a certificate and a key in /etc/cipux/stunnel.

USAGE

	cipux_mkcertkey

OPTIONS

       None.

CERTIFICATE

       Each SSL enabled XML-RPC server needs to present a valid X.509 certificate to the peer and it also needs a private key to decrypt the
       incoming data.  The easiest way to obtain a certificate and a key is to generate them with the free openssl package. You can find more
       information on certificates generation below.  The certificates must be in PEM format and must be sorted starting with the certificate to
       the highest level (root CA)

       Two things are important when generating the certificate-key pairs.(1) Because the server has no way to obtain the password from the user, the private key cannot be encrypted.  To create an unencrypted key
       add the "-nodes" option when running the req command from the openssl kit.(2) The order of contents of the .pem file is also important. It should contain the unencrypted private key first, then a signed
       certificate (not certificate request). There should be also empty lines after certificate and private key.  Plaintext certificate
       information appended on the top of generated certificate should be discarded. So the file should look like this:

		    -----BEGIN RSA PRIVATE KEY-----
		    [encoded key]
		    -----END RSA PRIVATE KEY-----
		    [empty line]
		    -----BEGIN CERTIFICATE-----
		    [encoded certificate]
		    -----END CERTIFICATE-----
		    [empty line]

       This can be stored in one file or in two files. This script stores the in to files to have the flexibility to use the certificate in other
       location. This to files will be created:

	stunnel-cert.pem
	stunnel-key.pem

DIAGNOSTICS

       TODO: write explanations to the messages.

       "Cannot find certificate configuration: %s"
       "Cannot find openssl executable: %s"
       "Directory to store certs do not exist: %s"
       "Directory to store certs is not save!..."
	    Directory to store certs is not save!
	    Should be for example:
	    drwx------ 2 root root 4096 2008-04-17 21:15 /etc/cipux/stunnel

       "Cannot execute %s"
       "Can not close %s"
       "Can not print to STDOUT!"
       "%s not known to the system!"

CONFIGURATION

       TODO.

DEPENDENCIES

       Carp CipUX File::stat Cwd POSIX Readonly Fatal English version

INCOMPATIBILITIES

       Not known.

BUGS AND LIMITATIONS

       Not known.

SEE ALSO

       See the CipUX webpage and the manual at <http://www.cipux.org> See the mailing list http://sympa.cipworx.org/wws/info/cipux-devel
       <http://sympa.cipworx.org/wws/info/cipux-devel>

AUTHOR

       Christian Kuelker  <christian.kuelker@cipworx.org>

LICENSE AND COPYRIGHT

       Copyright (C) 2008 by Christian Kuelker

       This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by
       the Free Software Foundation; either version 2, or (at your option) any later version.

       This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more details.

       You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation,
       Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA

perl v5.14.2							    2012-01-04						       CIPUX_MKCERTKEY(1p)
Man Page