This document assumes you already have a working SMTP and POP3 server and want to add SSL security for your Windows Outlook clients. This process is surprisingly simple. Personally, I've never been able to get the built-in SSL capabilities of qpopper to work, so I turned to SSLWrap by Rick Kaseguma. It's lightweight, very simple, and is easily adapted to other services such as IMAP, even HTTP. (I did get HTTP to work, however Apache redirects keep bouncing the client out of https - ApacheSSL is a much better solution.)
First Step
Download and compile SSLWrap. It requires OpenSSL, so make sure OpenSSL is installed and that its libraries can be found through your LD_LIBRARY_PATH. The most recent version should be at http://www.rickk.com/sslwrap/sslwrap.tar.gz. There's no "configure" or "make install", just "make all". Copy the "sslwrap" binary somewhere on your system, such as /usr/local/bin.
Create a certificate
For SSL to work properly, you'll need a server certificate. The server requires a certificate and a private key. The public key is encoded into the certificate, and the certificate is sent to the client automatically when an SSL connection is established; the private key stays on the server. You can either use a certificate issued (signed) by a Certificate Authority such as Thawte or VeriSign, or create a self-signed certificate. For this example, I am using a self-signed certificate.
/usr/local/ssl/bin/openssl req -new -x509 -nodes -days 365 -keyout /usr/local/ssl/certs/server.pem -out /usr/local/ssl/certs/server.pem
This creates a self-signed certificate and key pair in the file /usr/local/ssl/certs/server.pem. Normally you would keep the certificate and the key in separate files; however, since SSLWrap doesn't run as root, the file needs to be readable by the user SSLWrap runs as. Because -nodes leaves the private key unencrypted, keep the file readable by that user only. Make sure you enter the full server name for "Common Name". It doesn't necessarily need to be the FQDN; an alias is okay. However, it needs to be the name you will use to access the server for the SSL connection to be happy.
etc..
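Before pointing SSLWrap at the file, it is worth checking the properties the section above depends on. The script below is an added example, not part of the original document or of SSLWrap: it builds a combined PEM the same way and checks the Common Name, that the key belongs to the certificate, the expiry, and the file permissions. The function names, the host name mail.example.com and the rsa:2048 key size are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page). Helper names are hypothetical;
# mail.example.com and rsa:2048 are assumed values.

# make_pem <common-name> <outfile>
# Self-signed certificate plus unencrypted key in one file, as described above.
make_pem() {
    ( umask 077    # the file holds an unencrypted private key
      openssl req -new -x509 -nodes -days 365 -newkey rsa:2048 \
          -subj "/CN=$1" -keyout "$2" -out "$2" )
}

# pem_cn <file>: print the certificate's Common Name
pem_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p'
}

# pem_key_matches <file>: true if the key in the file belongs to the certificate
pem_key_matches() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$1" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# check_pem <file> <server-name-entered-in-Outlook>
# Prints each problem found; returns 0 only if there are none.
check_pem() {
    rc=0
    [ "$(pem_cn "$1")" = "$2" ] || { echo "Common Name is not $2"; rc=1; }
    pem_key_matches "$1" || { echo "key does not match certificate"; rc=1; }
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null ||
        { echo "certificate has expired"; rc=1; }
    # characters 5-10 of the ls mode string are the group and other bits
    [ "$(ls -l "$1" | cut -c5-10)" = "------" ] ||
        { echo "file is accessible to group or other"; rc=1; }
    return "$rc"
}

# Usage: sh checkpem.sh /usr/local/ssl/certs/server.pem mail.example.com
if [ $# -eq 2 ]; then check_pem "$1" "$2"; fi
```

The file must be owned by the account SSLWrap runs as for the permission check to be meaningful.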
Configure Outlook
For the incoming/outgoing server names, enter the server name you used when creating the certificate. On the Advanced tab, check "This server requires a secure connection (SSL)" for both POP3 and SMTP. Make sure both are configured for the correct port - 465 for SMTP, and 995 for POP3.
Rejoice!
Click Send/Receive mail. If all went well, the connection should complete without error. Good luck!