[clue-tech] SSL IMAP
David L. Anselmi
anselmi at anselmi.us
Fri May 25 11:14:12 MDT 2007
Mike Staver wrote:
> I am a moron when it comes to the basics of SSL when it's not related to
> a website. I would like to encrypt my email now that I have my new
> CentOS install completed. I took some of your advice and I started
> using DoveCot along with Sendmail, and things seem to be going well. I
> am currently using SSL, but it's a self signed cert obviously. My
> question is, to get a signed cert do I have to pay Thawte or Verisign
> for it, or can I have anybody sign it to make the thunderbird warning go
> away?
What warning are you getting?
I assume you're connecting to DoveCot with SSL and Thunderbird complains
about not trusting the DoveCot cert. Is that it? Not quite encrypting
your email, which is a completely different discussion.
So as has been said, you have to put your signing cert in Thunderbird to
stop the complaints. If I were doing that for my mail server and
clients, I'd just make a package to install my signing cert and install
it with the rest of the software I maintain--you probably already have
one like it that your distro uses to give you the certs they want to trust.
If you want the anonymous public to use your cert, or people whose
machines you don't control, then a recognized CA would be a better choice.
(It takes effort to run a CA correctly, and more effort to convince the
browser vendors that you do that. So a community CA like CACert might
be as close as you get.)
Dave
More information about the clue-tech
mailing list