Updated my Dovecot certificate for the first time

Frank-Ulrich Sommer f-u.s at gmx.net
Thu Nov 24 19:22:26 UTC 2016


What would be the use of a self signed cert that is not automatically checked? If you see a warning how can you be sure that the cryptographic key used is correct? Just manually checking the common name displayed lowers the security to almost zero. A big additional disadvantage is that one gets used to ignoring security warnings.

Setting up a "CA" is quite easy and installing the new root certificate in the root store of the devices used is also quite easy.

I switched to a certificate from startssl and of course I generated the key pair on my own and transferred only the CSR (certificate signing request).

Am 24. November 2016 16:37:48 MEZ, schrieb Steve Litt <slitt at troubleshooters.com>:
>On Thu, 24 Nov 2016 07:52:51 +0100 (CET)
>Steffen Kaiser <skdovecot at smail.inf.fh-brs.de> wrote:
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>> 
>> On Wed, 23 Nov 2016, Steve Litt wrote:
>> 
>> >On Wed, 23 Nov 2016 16:04:22 -0600 (CST) Greg Rivers
>> ><gcr+dovecot at tharned.org> wrote:  
>> >> $ strings $(whence alpine) | grep '^/.*certs$'
>> >> /etc/ssl/certs  
>> >
>> > The directory or the certs isn't the problem. Alpine sees the
>> > self-signed cert I just made, but complains because it's
>> > self-signed, and gives me the choice between saying "yes" every
>> > time, and just not checking for certs at all.  
>> 
>> "sees the self-signed cert"?
>> Did you've added it as trusted to the CA as Greg said and wrote what
>> to do?
>
>No. I don't want to deal with a third party "Trusted Party": I want  it
>self-signed. What I was looking for was a way Alpine could be set to
>check for a cert, warn if the cert is conflicting, but not warn if it's
>self-signed.
>
>Thanks,
>
>SteveT
>
>Steve Litt 
>November 2016 featured book: Quit Joblessness: Start Your Own Business
>http://www.troubleshooters.com/startbiz

-- 
Diese Nachricht wurde von meinem Android-Mobiltelefon mit K-9 Mail gesendet.


More information about the dovecot mailing list