Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 20 May 2015 13:32:29 -0400
From:      John Johnstone <>
Subject:   Re: docecot SSL/TLS without  certificate
Message-ID:  <>
In-Reply-To: <>
References:  <>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
On 5/20/2015 8:36 AM, Ernie Luzar wrote:
> Is there some way to configure Dovecot pop3 server to provide TLS
> without Dovecot needing a certificate? The self signed cert that the
> Dovecot manual shows you how to make is flagged as invaild / un-trusted
> every time my thunderbird mail reading client fetches mail and I have to
> answer question about accepting it.
> I see Dovecot has option to require client to also have a certificate
> but no where does the Dovecot manual talk about what this certificate is
> or how to build it. Will importing the Dovecot certificate to
> Thunderbird stop Thunderbird from issuing that invaild / un-trusted
> certificate error message?

When Thunderbird makes a secure connection to an untrusted server it 
puts up the Add Security Exception prompt.  At the bottom is a checkbox 
for Permanently store this exception.  Just check that and you will only 
have to confirm the exception that one time.  Thunderbird will store the 
certificate.  You can take a look at it under Options > Advanced > 
Certificates > View Certificates.

You won't need a client certificate.

This is a fairly old article on SSL/TLS but most of it is probably still 

You can read up on similar articles to help understand all of this.

John J.

Want to link to this message? Use this URL: <>