Date:      Wed, 20 May 2015 06:22:09 -0700
From:      Jesse Gooch <lists@gooch.io>
To:        freebsd-questions@freebsd.org
Subject:   Re: docecot SSL/TLS without  certificate
Message-ID:  <555C8A81.4060601@gooch.io>
In-Reply-To: <555C7FDC.5050706@gmail.com>
References:  <555C7FDC.5050706@gmail.com>

On 5/20/2015 5:36 AM, Ernie Luzar wrote:
> Is there some way to configure Dovecot pop3 server to provide TLS
> without Dovecot needing a certificate?

As far as I know that's not how TLS works.

> The self signed cert that the
> Dovecot manual shows you how to make is flagged as invalid / un-trusted
> every time my thunderbird mail reading client fetches mail and I have to
> answer a question about accepting it.

You could buy a certificate from one of the certificate authorities
Thunderbird trusts. Apparently you can get free ones from StartSSL - not
sure if Thunderbird trusts them though.

> I see Dovecot has an option to require the client to also have a certificate
> but nowhere does the Dovecot manual talk about what this certificate is
> or how to build it. Will importing the Dovecot certificate to
> Thunderbird stop Thunderbird from issuing that invalid / un-trusted
> certificate error message?

I think you can use a certificate for authentication on the client side.
I don't think that would get rid of the warning for your server's
self-signed cert though. You could also create a CA, create a
certificate signed by that CA, and import the CA's public key into
Thunderbird. Then you wouldn't get the error anymore.

I recommend reading up on how SSL/TLS works!
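
The private-CA route mentioned in the reply above, sketched with the `openssl` command line as an added example that is not part of the original message. The host name `mail.example.org`, the CA name and all file names are constructed placeholders; `ca.crt` is the CA certificate that gets imported into the mail client.

```shell
# Added example: private CA plus a CA-signed certificate for a mail server.
# mail.example.org, the CA name and every file name are constructed placeholders.
set -eu
MAIL_HOST="${MAIL_HOST:-mail.example.org}"   # must equal the server name set in the mail client
WORK="${WORK:-$(mktemp -d)}"

make_ca() {
    cat > "$WORK/ca.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example Private Mail CA
[v3_ca]
basicConstraints = critical, CA:TRUE
EOF
    # ca.crt is the only file handed to clients; ca.key never leaves the signing host.
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
        -config "$WORK/ca.cnf" -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null
}

make_server_cert() {
    cat > "$WORK/server.cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
[dn]
CN = $MAIL_HOST
[v3_srv]
basicConstraints = CA:FALSE
extendedKeyUsage = serverAuth
subjectAltName = DNS:$MAIL_HOST
EOF
    openssl req -new -newkey rsa:2048 -nodes -config "$WORK/server.cnf" \
        -keyout "$WORK/server.key" -out "$WORK/server.csr" 2>/dev/null
    # Sign the request with the CA key; clients match the host name against subjectAltName.
    openssl x509 -req -in "$WORK/server.csr" -sha256 -days 825 \
        -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" -CAcreateserial \
        -extfile "$WORK/server.cnf" -extensions v3_srv -out "$WORK/server.crt" 2>/dev/null
}

# Succeeds only if server.crt chains to ca.crt and is valid for the name in $1.
verify_for() {
    openssl verify -CAfile "$WORK/ca.crt" -verify_hostname "$1" "$WORK/server.crt" >/dev/null 2>&1
}

make_ca; make_server_cert; verify_for "$MAIL_HOST"
echo "CA-signed certificate verified; files are in $WORK"
```

Dovecot would then be pointed at `server.crt` and `server.key` through its `ssl_cert` and `ssl_key` settings. A client that trusts `ca.crt` still rejects the certificate if it connects under a name other than the one in `subjectAltName`.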


