On Friday 03 November 2006 05:00, Gerard Seibert wrote:
On Friday November 03, 2006 at 03:49:15 (AM) Amon Ott wrote:
Unfortunately, Outlook makes trouble with self-signed SSL certs: It requires accepting the certificate again after every restart, which is very annoying for the users and makes it hard to recognize forged certs. So you will have the choice to allow password sniffing, annoy your users, buy an official cert - or to get a decent mail client installed.
I would vote for the 'Official Cert' option. Seriously, unless you are running a home based operation, why would you not be employing a properly signed certificate? After all, if you are offering SSL on your mail server, you are going to need a signed certificate or else risk having problems with other servers that are going to flag your server for using self-signed certificates.
If you're going to go the self-signed route, you may as well create your own
CA as I did. It's only a few more steps and then you can supply the CA's
certificate to the clients accessing your server for inclusion in
their "trusted root certificates". After all, I can trust my certificates
even more than I trust Verisign. The annoying messages then go away. After
all it's only your clients accessing your pop server, not the general public.
Not that I've ever had a problem with the smtp side with that setup.
By the way, I think Outlook's alerting users of the use of self signed certificates is a good idea, although it should also have a mechanism in place to stop those warnings on a permanent basis. Then again, if they did, someone would complain about that. You cannot make everyone happy.
You mean like Thunderbird, as well as most non-Microsoft clients I've tried.
Most people I know are happy with that solution.
My 2c too.
Mike
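
The private-CA setup described in the reply above, as an added example that is not part of the original message: it creates a CA, issues a server certificate from it, and runs the check a client performs once the CA certificate is in its trusted roots. The hostname mail.example.org, the organisation name and all file names are assumptions.

```shell
#!/bin/sh
# Added example. mail.example.org, "Example Org" and all file names are
# placeholders (assumptions), not values from the thread.

make_ca() {                # $1 = directory for the CA files
    cat > "$1/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
O = Example Org
CN = Example Org Mail CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
EOF
    # Self-signed root: ca.crt is the file clients import as a trusted root.
    # ca.key never leaves the machine that signs certificates.
    openssl req -x509 -new -newkey rsa:2048 -nodes -sha256 -days 3650 \
        -config "$1/ca.cnf" -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

issue_server_cert() {      # $1 = CA directory, $2 = mail server hostname
    printf '%s\n' 'basicConstraints = CA:FALSE' \
        'keyUsage = critical,digitalSignature,keyEncipherment' \
        'extendedKeyUsage = serverAuth' "subjectAltName = DNS:$2" > "$1/srv.ext"
    openssl req -new -newkey rsa:2048 -nodes -config "$1/ca.cnf" \
        -subj "/CN=$2" -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null
    openssl x509 -req -in "$1/server.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -sha256 -days 365 -extfile "$1/srv.ext" \
        -out "$1/server.crt" 2>/dev/null
}

# The client-side check: chain to the trusted CA, server purpose, hostname.
verify_server() {          # $1 = trusted CA cert, $2 = server cert, $3 = hostname
    openssl verify -CAfile "$1" -purpose sslserver -verify_hostname "$3" \
        "$2" >/dev/null 2>&1
}

demo() {
    d=$(mktemp -d) && make_ca "$d" && issue_server_cert "$d" mail.example.org &&
        verify_server "$d/ca.crt" "$d/server.crt" mail.example.org &&
        echo "server.crt chains to ca.crt for mail.example.org"
    rm -rf "$d"
}
if [ "${1:-}" = "--demo" ]; then demo; fi
```

Only `ca.crt` is handed to clients; the mail server is configured with `server.crt` and `server.key`.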