So, I want to encrypt my POP3 with SSL. I enabled pop3s in Xinetd, and set Outlook Express (talk about me being into security, eh?) to use SSL with my server, port 995. Things work fine, except the default cert is invalid. So I made a new ipop3.pem out of the server.key and server.crt used for a website on the server. Aside from having to get email from www.thedomain.com (instead of mail), it works great. I used a packet sniffer and no passwords or sensitive data are being sent.
But how careful should I be with my server.key? It looks like the cert itself is thrown around everywhere, but the key, I don't know about it. All I know is that two years ago I followed some instructions to make one, and not much has told me about the importance/significance of the key.