[Dovecot] question about dovecot imap outlook clients

[Adam McDougall]

On Mon, Mar 10, 2008 at 05:04:19PM -0700, Asheesh Laroia wrote:

  On Mon, 10 Mar 2008, Joseph Norris wrote:
  
>> Questions:
>> 
>> Do I have to get an ssl certificate to make it work?  ( cost ouch!)
>> Is there a way around this using my own self-signed certificates?
>> Is there a cheaper ssl certificate service?
  
  When I was an admin at acm.jhu.edu, I had us use the free certificates for 
  .edu hosts given out by ipsca.com.  They were compatible and 
  well-supported, and signed by the right authorities to have no error 
  messages.  (Except in some totally weird interaction with Mozilla, for 
  which we opened a bug and which I *think* is fixed.)  You can toy with 
  https://secure.acm.jhu.edu/ and connecting via SSL'd IMAP to 
  secure.acm.jhu.edu (port 993).
  
  For my personal servers, I use the "RapidSSL" certificates sold by 
  Geotrust.  I can't seem to find the link for the vendor I use, but they 
  seem to be widely resold for around $10-15 a year.  The only serious 
  complaint I can find on the web is that if you use their bulk purchasing 
  option, be sure to read the fine print - your ability to use the 
  bulk-purchased certificates goes away one year after you purchased them.
  
  As for how to set them up, I always follow the Apache mod_ssl instructions 
  and then use the certificates everywhere else on my system.
  
  As for if any of this is truly "necessary," no idea. (-:  I did it because 
  I wanted SSL/TLS.
  
  -- Asheesh.
  
Godaddy also has cheap SSL certificates.  They give you a certificate and 
another file that contains the chained certificates.  You probably need to
serve both to avoid browsers giving an unhelpful "something is wrong but 
I'm not telling you what" error if the cert chain hierarchy is missing.