Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 20 May 2015 13:32:29 -0400
From:      John Johnstone <jjohnstone@tridentusa.com>
To:        freebsd-questions@freebsd.org
Subject:   Re: docecot SSL/TLS without  certificate
Message-ID:  <555CC52D.4030507@tridentusa.com>
In-Reply-To: <555C7FDC.5050706@gmail.com>
References:  <555C7FDC.5050706@gmail.com>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
On 5/20/2015 8:36 AM, Ernie Luzar wrote:
> Is there some way to configure Dovecot pop3 server to provide TLS
> without Dovecot needing a certificate? The self signed cert that the
> Dovecot manual shows you how to make is flagged as invaild / un-trusted
> every time my thunderbird mail reading client fetches mail and I have to
> answer question about accepting it.
>
> I see Dovecot has option to require client to also have a certificate
> but no where does the Dovecot manual talk about what this certificate is
> or how to build it. Will importing the Dovecot certificate to
> Thunderbird stop Thunderbird from issuing that invaild / un-trusted
> certificate error message?

When Thunderbird makes a secure connection to an untrusted server it 
puts up the Add Security Exception prompt.  At the bottom is a checkbox 
for Permanently store this exception.  Just check that and you will only 
have to confirm the exception that one time.  Thunderbird will store the 
certificate.  You can take a look at it under Options > Advanced > 
Certificates > View Certificates.

You won't need a client certificate.

This is a fairly old article on SSL/TLS but most of it is probably still 
valid.

https://tidbits.com/article/9049

You can read up on similar articles to help understand all of this.

-
John J.



Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?555CC52D.4030507>