On Friday November 03, 2006 at 03:49:15 (AM) Amon Ott wrote:
Unfortunately, Outlook makes trouble with self signed SSL certs: It requires to accept the certificate again after every restart, what is very annoying for the users and makes it hard to recognize forged certs. So you will have the choice to allow password sniffing, annoy your users, buy an official cert - or to get a decent mail client installed.
I would vote for the 'Official Cert' option. Seriously, unless you are running a home based operation, why would you not be employing a properly signed certificate. After all, if you are offering SSL on your mail server, you are going to need a signed certificate or else risk having problems with other servers that are going to flag your server form using self signed certificates.
By the way, I think Outlook's alerting users of the use of self signed certificates is a good idea, although it should also have a mechanism in place to stop those warnings on a permanent basis. Then again, if they did, someone would complain about that. You cannot make everyone happy.
Just my 2ยข.
-- Gerard