From owner-freebsd-questions@FreeBSD.ORG  Fri Jul 30 19:23:58 2004
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id E7A2B16A4CE
	for <freebsd-questions@freebsd.org>;
	Fri, 30 Jul 2004 19:23:58 +0000 (GMT)
Received: from out001.verizon.net (out001pub.verizon.net [206.46.170.140])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 7976143D49
	for <freebsd-questions@freebsd.org>;
	Fri, 30 Jul 2004 19:23:58 +0000 (GMT)	(envelope-from cswiger@mac.com)
Received: from [192.168.1.3] ([68.161.100.95]) by out001.verizon.net
          (InterMail vM.5.01.06.06 201-253-122-130-106-20030910) with ESMTP
          id <20040730192252.KQYB25313.out001.verizon.net@[192.168.1.3]>;
          Fri, 30 Jul 2004 14:22:52 -0500
Message-ID: <410AA009.7000702@mac.com>
Date: Fri, 30 Jul 2004 15:22:49 -0400
From: Chuck Swiger <cswiger@mac.com>
Organization: The Courts of Chaos
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US;
	rv:1.7.1) Gecko/20040707
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Tom Limoncelli <tal@whatexit.org>
References: <9C51062C-E0E9-11D8-B4EB-000D93C2342A@whatexit.org>
In-Reply-To: <9C51062C-E0E9-11D8-B4EB-000D93C2342A@whatexit.org>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
X-Authentication-Info: Submitted using SMTP AUTH at out001.verizon.net from
	[68.161.100.95] at Fri, 30 Jul 2004 14:22:52 -0500
cc: freebsd-questions@freebsd.org
Subject: Re: Setting up good certs for ports/mail/imap-uw?
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 30 Jul 2004 19:23:59 -0000

Tom Limoncelli wrote:
> The instructions for ports/mail/imap-uw tell you that "make cert" 
> generates certs that are self-signed and warns you that it is better to 
> get "real" certs but doesn't explain how to do that.  Any suggestions?

"real" certs are ones signed by a well-known registrar like Verisign, EnTrust, 
Thawte, etc.  To get one, you generate a CSR (certificate signing request) as 
done in "make cert", only you send that CSR to the registrar and pay them to 
sign it, very much like one does when getting a "real" SSL cert to do HTTPS.

There is nothing magic about the well-known registrars, except that their CA 
certificates already ship as pre-trusted with the email clients and web 
browsers that most people use.

-- 
-Chuck