Message-ID: <555CC52D.4030507@tridentusa.com>
Date: Wed, 20 May 2015 13:32:29 -0400
From: John Johnstone
To: freebsd-questions@freebsd.org
Subject: Re: docecot SSL/TLS without certificate
References: <555C7FDC.5050706@gmail.com>
In-Reply-To: <555C7FDC.5050706@gmail.com>

On 5/20/2015 8:36 AM, Ernie Luzar wrote:
> Is there some way to configure Dovecot pop3 server to provide TLS
> without Dovecot needing a certificate? The self-signed cert that the
> Dovecot manual shows you how to make is flagged as invalid / un-trusted
> every time my thunderbird mail reading client fetches mail and I have to
> answer question about accepting it.
>
> I see Dovecot has option to require client to also have a certificate
> but nowhere does the Dovecot manual talk about what this certificate is
> or how to build it. Will importing the Dovecot certificate to
> Thunderbird stop Thunderbird from issuing that invalid / un-trusted
> certificate error message?

When Thunderbird makes a secure connection to an untrusted server it puts up the Add Security Exception prompt. At the bottom is a checkbox for Permanently store this exception. Just check that and you will only have to confirm the exception that one time. Thunderbird will store the certificate. You can take a look at it under Options > Advanced > Certificates > View Certificates.

You won't need a client certificate.

This is a fairly old article on SSL/TLS but most of it is probably still valid.

https://tidbits.com/article/9049

You can read up on similar articles to help understand all of this.

- John J.
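A check that fits the step described above, added here as an example and not part of the original message: before storing the exception permanently, compare the SHA-256 fingerprint Thunderbird displays for the certificate with the fingerprint of the certificate file installed on the Dovecot host. The function names, the script name and the host name are assumptions made for this example; port 995 (POP3 over TLS) is assumed as the default.

```shell
#!/bin/sh
# Added example (not from the original message): confirm that the certificate
# Thunderbird is asking about is the one installed on the Dovecot server.

# Normalise a fingerprint: drop any "label=" prefix, colons and spaces,
# and upper-case the hex digits so different display styles compare equal.
norm_fp() {
    printf '%s' "$1" | sed -e 's/^.*=//' | tr -d ': \n' | tr 'a-f' 'A-F'
}

# SHA-256 fingerprint of a PEM certificate file, e.g. the file named by
# ssl_cert in the Dovecot configuration (run this on the server itself).
cert_fp() {
    norm_fp "$(openssl x509 -in "$1" -noout -fingerprint -sha256)"
}

# SHA-256 fingerprint of the certificate a POP3S server presents on the wire.
# $1 = host name the mail client uses, $2 = port (default 995, an assumption).
server_fp() {
    norm_fp "$(openssl s_client -connect "$1:${2:-995}" -servername "$1" \
        </dev/null 2>/dev/null | openssl x509 -noout -fingerprint -sha256)"
}

# True only when both fingerprints are non-empty and identical once
# normalised; an empty value (failed read or connection) never matches.
fp_matches() {
    [ -n "$(norm_fp "$1")" ] && [ "$(norm_fp "$1")" = "$(norm_fp "$2")" ]
}

# Usage: sh check_fp.sh /path/to/cert.pem 'AA:BB:...'
#   $1 = certificate file on the server
#   $2 = fingerprint copied from Thunderbird's certificate view
if [ "$#" -ge 2 ]; then
    if fp_matches "$(cert_fp "$1")" "$2"; then
        echo "match: safe to store the exception for this certificate"
    else
        echo "MISMATCH: do not store the exception" >&2
        exit 1
    fi
fi
```

`server_fp mail.example.test` (a constructed host name) gives the same value from any other machine, which is useful for checking what the server actually presents after the certificate is regenerated.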