docecot SSL/TLS without certificate
lists at gooch.io
Wed May 20 13:29:37 UTC 2015
On 5/20/2015 5:36 AM, Ernie Luzar wrote:
> Is there some way to configure Dovecot pop3 server to provide TLS
> without Dovecot needing a certificate?
As far as I know that's not how TLS works.
> The self signed cert that the
> Dovecot manual shows you how to make is flagged as invaild / un-trusted
> every time my thunderbird mail reading client fetches mail and I have to
> answer question about accepting it.
You could buy a certificate from one of the certificate authorities
Thunderbird trusts. Apparently you can get free ones from StartSSL - not
sure if Thunderbird trusts them though.
> I see Dovecot has option to require client to also have a certificate
> but no where does the Dovecot manual talk about what this certificate is
> or how to build it. Will importing the Dovecot certificate to
> Thunderbird stop Thunderbird from issuing that invaild / un-trusted
> certificate error message?
I think you can use a certificate for authentication on the client side.
I don't think that would get rid of the warning for your server's
self-signed cert though. You could also create a CA, create a
certificate signed by that CA, and import the CA's public key into
Thunderbird. Then you wouldn't get the error anymore.
I recommend reading up on how SSL/TLS works!
More information about the freebsd-questions