[Dovecot] client certs with godaddy ssl cert
mouss
mouss at netoyen.net
Mon Sep 29 10:53:49 EEST 2008
Harondel J. Sibble wrote:
>
> On 27 Sep 2008 at 13:22, mouss wrote:
>
>> if you have a commercial cert, you don't need a self signed cert. self
>> signed certs are for people who don't want to get a cert signed by a 3d
>> party (commercial or other). For email, you generally don't need a
>> commercial certificate because your users know you and you know them,
>> and because users don't connect to thousand imap servers.
>
> Huh? I am looking to implement client side certificates which have to be
> installed on the end user device before they are able to connect to my
> mailserver.
>
sorry, I missed the "client" part.
but if you sign the client certificate, the commercial CA becomes
irrelevant.
> I already have a commercial cert on the mailserver so that's a moot point.
> Secondly a client cert allows me to verify that the device connecting is
> allowed, this is secondary to any login info the user may have, ie 2 factor
> authentication, something you know (uid/password) and something you have
> (certificate).
Will you consider any certificate signed by the commercial CA as valid?
if so, then you don't need to sign the certificates if you use only one CA.
what would be nice would be the support of a db of fingerprints (as in
postfix) so that one can accept certificates independently of the CA,
and only accept "authorized" ones.
More information about the dovecot
mailing list