On Freitag 03 November 2006 11:00, Gerard Seibert wrote:
On Friday November 03, 2006 at 03:49:15 (AM) Amon Ott wrote:
Unfortunately, Outlook makes trouble with self signed SSL certs: It requires to accept the certificate again after every restart, what is very annoying for the users and makes it hard to recognize forged certs. So you will have the choice to allow password sniffing, annoy your users, buy an official cert - or to get a decent mail client installed.
I would vote for the 'Official Cert' option. Seriously, unless you are running a home based operation, why would you not be employing a properly signed certificate. After all, if you are offering SSL on your mail server, you are going to need a signed certificate or else risk having problems with other servers that are going to flag your server form using self signed certificates.
I am only speaking about IMAP/POP3 servers here. What other server is supposed to access an IMAP or POP3 server? Sure an official cert is better, but it also costs extra money.
As long as an IMAP/POP3 server is only accessed from inside a company and not available from outside, self signed is fine for me. Most clients will only warn when the cert has changed. If the cert has been renewed after a year or such, people can still verify the signature from other sources, but not every day.
Amon.
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22