From owner-freebsd-questions@FreeBSD.ORG Wed May 20 12:36:44 2015 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 64CE7993 for ; Wed, 20 May 2015 12:36:44 +0000 (UTC) Received: from mail-ie0-x233.google.com (mail-ie0-x233.google.com [IPv6:2607:f8b0:4001:c03::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 2C71A115C for ; Wed, 20 May 2015 12:36:44 +0000 (UTC) Received: by iesa3 with SMTP id a3so37829785ies.2 for ; Wed, 20 May 2015 05:36:42 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:subject :content-type:content-transfer-encoding; bh=DdyvsJRJFwNuf1jg04djOCQGeNQeTgmKP5T2ZX9u2Ks=; b=rDiOIy4Be9EMxUmOUEC8J9REU910HZczS5xoDoU0xAC56DLQMW9FSKc5uq1c16ICzt l4SwuGwWlB5n+rkILrLpA1gbD9kDIoxicNiD9HNKQRRYSzPFMW9oZIAFT8Gzovrx2/2k aTW8a2jc1GKzm/4h0UJ3Vp9IfSwqQLWpLQhU75sLLGJHP6N2H5AxVZMn3tJAlnNbwNII Sdt8EJcEWsR43YClqCuEcdAMlyxG4k0NfRuKMoLRPQxkX9wDW5XYTbWa6PUh4TrwemUS ymm+Kd1i9Bll74p4qX6j90Smt04mpq7DcOXruZyLoQanWWMWU7mPvWr7DTe8kKkAwDPu 45iQ== X-Received: by 10.43.58.201 with SMTP id wl9mr45917954icb.37.1432125402899; Wed, 20 May 2015 05:36:42 -0700 (PDT) Received: from [10.0.10.5] (cpe-76-190-244-6.neo.res.rr.com. [76.190.244.6]) by mx.google.com with ESMTPSA id j124sm12267343ioj.22.2015.05.20.05.36.42 for (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Wed, 20 May 2015 05:36:42 -0700 (PDT) Message-ID: <555C7FDC.5050706@gmail.com> Date: Wed, 20 May 2015 08:36:44 -0400 From: Ernie Luzar User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:17.0) Gecko/20130801 Thunderbird/17.0.8 MIME-Version: 1.0 To: "freebsd-questions@freebsd.org" Subject: docecot SSL/TLS without certificate Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 20 May 2015 12:36:44 -0000 Is there some way to configure Dovecot pop3 server to provide TLS without Dovecot needing a certificate? The self signed cert that the Dovecot manual shows you how to make is flagged as invaild / un-trusted every time my thunderbird mail reading client fetches mail and I have to answer question about accepting it. I see Dovecot has option to require client to also have a certificate but no where does the Dovecot manual talk about what this certificate is or how to build it. Will importing the Dovecot certificate to Thunderbird stop Thunderbird from issuing that invaild / un-trusted certificate error message?