>> the server name shows up as the CN in the server certificate,
>> for example.
>
> i use the same certificate but I added all three names, ie.
>
> CN=pop.xxx.com
> CN=smtp.xxx.com
> CN=www.xxx.com
>
Didn't know you could modify a cert purchased from a CA. Or are you saying
when you originally created it or renew it you added the names?
> That way, pop3, smtp and https can use the same certificate and the clients
> won't complain of a name mismatch.
>
> BTW, slightly off topic, if you're trying to do pop3 over TLS with MS
> outlook you may run into a problem with it not being able to negotiate a TLS
> connection in-band on port 995 ("alternate-port" terminology in qpopper). I
> had to add another port (i just used 996) that was configured as a
> non-inband negotiated TLS ("stls" terminology in qpopper) and pointed my MS
> outlook people at it (with SSL enabled).
>
> That is, if that is what you're trying to do...
>
Well, what I'd like is to have secure authentication so cleartext passwords
aren't sent.
I just built ipop3d with ssl and was testing it.
Is this the best way to do secure auth?
> -lee
>
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
--
Randall Perry
sysTame
Xserve Web Hosting/Co-location
Website Development/Promotion
Mac Consulting/Sales
http://www.systame.com/
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
