[clue-tech] SSL IMAP

Warren Turkal wt at penguintechs.org
Thu May 24 01:31:43 MDT 2007


On Wednesday 23 May 2007 23:57, Mike Staver wrote:
> I am a moron when it comes to the basics of SSL when it's not related to
> a website.  I would like to encrypt my email now that I have my new
> CentOS install completed.  I took some of your advice and I started
> using Dovecot along with Sendmail, and things seem to be going well.  I
> am currently using SSL, but it's a self-signed cert obviously.  My
> question is, to get a signed cert do I have to pay Thawte or Verisign
> for it, or can I have anybody sign it to make the Thunderbird warning go
> away?

You need some PKI theory to really understand what is going on here. Here's 
the I'm-too-tired version. You need a certificate signed by a trusted 
Certifying Authority (CA). There are many CAs trusted by default in 
Thunderbird, including the big ones like Verisign and Thawte. However, you 
could just import your own CA certificate into Thunderbird and it would trust 
your CA as much as the others. This method is only so scalable, however. 
You'd have to trust the CA certificate on every box that you use your mail 
server from. Also, you could do something like CAcert.org, but the CAcert.org 
CA certificate is not trusted in Thunderbird by default that I know of.

wt
-- 
Warren Turkal (w00t)
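
The own-CA route described in the reply, as an added example that is not part of the original message: it creates a private CA, signs a server certificate with it, and shows the chain being rejected until the CA certificate is trusted. Assumptions: the hostname `mail.example.org` and the CA name are constructed placeholders, and `openssl verify` with its default trust store stands in for a mail client that has not imported the CA.

```shell
#!/bin/sh
# Added example: private CA for a mail server. Hostname and CA name are constructed.
set -e

HOST=mail.example.org   # assumed IMAP server name (placeholder)

# Create a private CA: a self-signed certificate that is allowed to sign others.
make_ca() {  # $1 = working directory
    cat > "$1/ca.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example Home CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 3650 -config "$1/ca.cnf" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# Issue the server certificate: new key and CSR, then signed with the CA key.
issue_server_cert() {  # $1 = working directory
    openssl req -new -newkey rsa:2048 -nodes -config "$1/ca.cnf" \
        -subj "/CN=$HOST" -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null
    printf 'subjectAltName = DNS:%s\n' "$HOST" > "$1/san.ext"
    openssl x509 -req -in "$1/server.csr" -days 365 -extfile "$1/san.ext" \
        -CA "$1/ca.crt" -CAkey "$1/ca.key" -CAcreateserial \
        -out "$1/server.crt" 2>/dev/null
}

# What a client does: accept the certificate only if it chains to a trusted CA.
# Extra arguments stand in for the client's trust store.
chain_ok() {  # $1 = certificate, rest = trust options such as -CAfile ca.crt
    cert=$1; shift
    openssl verify "$@" "$cert" 2>&1 | grep -q ': OK$'
}

demo() {
    d=$(mktemp -d)
    make_ca "$d"; issue_server_cert "$d"
    chain_ok "$d/server.crt" && echo "default trust store: accepted" \
        || echo "default trust store: rejected (the client warning)"
    chain_ok "$d/server.crt" -CAfile "$d/ca.crt" && echo "CA imported: accepted"
    rm -rf "$d"
}
demo
```

Only `ca.crt` is copied to each client for import; `ca.key` stays private, since anyone holding it can issue certificates those clients will accept.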
