How to use ssl with pan the newsreader

Hello,

since pan is itself not able to use a secure connection, you don’t need to give up.
There are a couple of simple steps that you can take to make it work. Trust me, really simple. :slight_smile:
(and this with my little knowledge)

  1. You need to install stunnel

Open your terminal and enter this command.

**sudo zypper install stunnel**

This will install stunnel.

  1. you will need to edit the config file from stunnel.
    To do that, just use your favorite editor or you can also do it with the supervisor edition of dolphin which you will reach via Kickstart [Applications>System>Filemanagers]

On a side note.
If you edit the config file, any line that has no #* or ; in front of it will be interpreted by stunnel as a command. So make sure, that you only remove characters you have to.

We will use for now vi.
Type in the terminal this

**sudo vi /etc/stunnel/stunnel.conf**

Hit the [INSERT] key to insert characters.
Use your cursor and go to the line with
client = no and change it to yes
It should look like this after editing

**client = yes**

After this is done, you can append these lines at the end of the file since they will be most likely not in the config file.

**[nntp]
accept = localhost:119
connect = ssl-my.provider.com:443**

Then exit vi with these command
[ESC][SHIFT] :wq

Before you can use and start stunnel, you need a key. Upon installation, stunnel does not come with a key file. So you need to generate your personal key.
This key you need to generate with these commands.


**openssl genrsa -out priv.pem**

and again with this


**openssl req -new -x509 -key priv.pem -out stunnel.pem -days 1095**

You will have two files. One named priv.pem, the other stunnel.pem.
You need to add the content of priv.pem into stunnel.pem to have a complete key.
Use your favorite editor for this job, or you can use vi of course.
After you did this, you need to set the right attributes to the key file.


**chmod 600 stunnel.pem**

After this is done, you are set to go. Pan doesn’t need to have any changes since it does not understand SSL anyway. For that you have stunnel.

Stunnel should start automatically, or if you want to do it manually with these commands.


**/etc/init.d/stunnel start**
**/etc/init.d/stunnel stop**

This should be it and Pan should now run over SSL.

Hopefully it was easy to understand.

If there are any errors, please let me know. Or revise it if needed.

Thank You.