Date: Wed, 20 May 2015 06:22:09 -0700
From: Jesse Gooch <lists@gooch.io>
To: freebsd-questions@freebsd.org
Subject: Re: docecot SSL/TLS without certificate
Message-ID: <555C8A81.4060601@gooch.io>
In-Reply-To: <555C7FDC.5050706@gmail.com>
References: <555C7FDC.5050706@gmail.com>

On 5/20/2015 5:36 AM, Ernie Luzar wrote:
> Is there some way to configure Dovecot pop3 server to provide TLS
> without Dovecot needing a certificate?

As far as I know that's not how TLS works.

> The self signed cert that the
> Dovecot manual shows you how to make is flagged as invalid / un-trusted
> every time my thunderbird mail reading client fetches mail and I have to
> answer question about accepting it.

You could buy a certificate from one of the certificate authorities
Thunderbird trusts. Apparently you can get free ones from StartSSL - not
sure if Thunderbird trusts them though.

> I see Dovecot has option to require client to also have a certificate
> but nowhere does the Dovecot manual talk about what this certificate is
> or how to build it. Will importing the Dovecot certificate to
> Thunderbird stop Thunderbird from issuing that invalid / un-trusted
> certificate error message?

I think you can use a certificate for authentication on the client side.
I don't think that would get rid of the warning for your server's
self-signed cert though.

You could also create a CA, create a certificate signed by that CA, and
import the CA's public key into Thunderbird. Then you wouldn't get the
error anymore.

I recommend reading up on how SSL/TLS works!
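
The private-CA route suggested at the end of the reply, sketched with the `openssl` command line as an added example that is not part of the original message. The host name `mail.example.org`, the subject names, the lifetimes and all file names are assumptions; `chain_ok` performs the same chain and host-name check a mail client makes once it trusts `ca.crt`.

```shell
#!/bin/sh
# Added example (not from the thread): private CA + CA-signed server certificate.
# Host name, subject names, lifetimes and file names are all assumptions.
set -eu

make_pki() (            # usage: make_pki <dir> <server-hostname>
  umask 077             # keys must not be group/world readable
  mkdir -p "$1"; cd "$1"
  cat > ca.cnf <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example Private Mail CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
  cat > server.ext <<EOF
basicConstraints = CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:$2
EOF
  # 1. CA key plus self-signed CA certificate (ca.crt is what the mail client imports)
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
    -config ca.cnf -keyout ca.key -out ca.crt 2>/dev/null
  # 2. Server key and signing request; the CA key never goes on the mail server
  openssl req -new -newkey rsa:2048 -nodes -sha256 -config ca.cnf \
    -subj "/CN=$2" -keyout server.key -out server.csr 2>/dev/null
  # 3. CA signs the request; the SAN must match the name the client connects to
  openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
    -sha256 -days 825 -extfile server.ext -out server.crt 2>/dev/null
)

chain_ok() {            # usage: chain_ok <ca.crt> <server.crt> <hostname>
  openssl verify -CAfile "$1" -verify_hostname "$3" "$2" >/dev/null 2>&1
}

# Dovecot then serves server.crt/server.key (ssl_cert = <..., ssl_key = <...),
# and only ca.crt is imported into the client's certificate authorities.
```

Run `make_pki ./pki mail.example.org` on an administrative machine, then copy only `server.crt` and `server.key` to the mail server; `ca.key` stays off it.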