On 3/13/2013 8:01 AM, Phil Turmel wrote:
On 03/13/2013 01:51 AM, Stan Hoeppner wrote:
On 3/13/2013 12:00 AM, Alex wrote:
I just verified that TB (17.0.4) won't do STARTTLS on TCP 143 without first accepting the self signed cert.
I'm really hoping someone can help me to clarify more specifically what's going on here.
You've already clarified it. You simply can't do account auto configuration with a self signed cert, at least not with a vanilla TB setup. The only possible solution I can think of would be to preload the user profile with the certificate. I don't know how you'd do this. I think you have some research ahead of you.
It's relatively easy. On first starting TB with no account, cancel the wizard. The use "Edit" -> "Preferences" or "≡" -> "Options..." -> "Options..." to get to TB's configuration pages. There, use "Advanced" -> "Certificates" -> "View Certificates" -> "Servers" and finally "Import..."
After you've imported the needed cert, you can re-open the wizard with "Create new account".
You can also use this method to import a self-signed certificate authority if you want to run your own signing operation.
How does he do this at scale Phil?
That's what I was commenting on. Importing the cert manually into each client profile probably isn't a realistic option here.
Alex is not a sysadmin but a solutions provider. He needs to drop the server in place and get out with minimal fuss, and without walking around to each user desktop at his clients' sites. Which is why Alex wanted to use auto configuration to begin with, I'd guess.
So assuming these are MS Windows desktops, I'd think he'd need to use one of the Windows specific deployment tools to preload each user profile with the cert. That's why I said he had some research ahead of him. Unless someone here has that answer at hand.
-- Stan