On 27 Sep 2008 at 13:22, mouss wrote:
> If you have a commercial cert, you don't need a self-signed cert. Self-signed certs are for people who don't want to get a cert signed by a 3rd party (commercial or other). For email, you generally don't need a commercial certificate because your users know you and you know them, and because users don't connect to thousands of IMAP servers.

Huh? I am looking to implement client-side certificates, which have to be installed on the end-user device before they are able to connect to my mailserver.
I already have a commercial cert on the mailserver so that's a moot point.
Secondly, a client cert allows me to verify that the device connecting is
allowed; this is secondary to any login info the user may have, i.e. 2-factor
authentication: something you know (uid/password) and something you have
(certificate).

Harondel J. Sibble
Sibble Computer Consulting
Creating solutions for the small business and home computer user.
help@pdscc.com (use pgp keyid 0x3AD5C11D)
http://www.pdscc.com
(604) 739-3709 (voice/fax)
(604) 686-2253 (pager)