is a self signed certificate always invalid the first time?

voytek at sbt.net.au voytek at sbt.net.au
Fri Aug 18 10:12:42 EEST 2017


On Fri, August 18, 2017 5:02 pm, Michael Felt wrote:
> On 8/11/2017 1:29 PM, Ralph Seichter wrote:

>>> And, Ralph, I salute you. I have never been able to be disciplined
>>> enough to be my own CA.
>> I encourage you to look into the subject again.
>>
> I actually have been, which is why I could give a near sensible reply.
> Thanks for the encouragement!
>
>> With the advent of Let's
>> Encrypt, free certs for the masses have become a thing, but if you need
>> more than 3 months validity, want to create certs for Intranet-devices
>> (routers, local servers), or just want maximum control over all certs,
>> setting up your own CA is rewarding. While you're at it, no gentleman
>> should not be without DNSSEC, DKIM and DANE these days. ;-)
> I should know all three, but, sadly, only one: two things to add to my
> list of things to research.


I have been reading this with some interest (while trying to migrate
Dovecot, Postfix etc..)

BUT, for a public web server where https is becoming mandatory, I'd still
need a certificate from a recognized publisher, to avoid users geting
'warnings', is that so ?

(I'm currently using self issued for both mail and web)

thanks,

V




More information about the dovecot mailing list