On Thu, 24 Nov 2016, Steve Litt wrote:
> On Thu, 24 Nov 2016 07:52:51 +0100 (CET) Steffen Kaiser skdovecot@smail.inf.fh-brs.de wrote:
>> On Wed, 23 Nov 2016, Steve Litt wrote:
>>> On Wed, 23 Nov 2016 16:04:22 -0600 (CST) Greg Rivers gcr+dovecot@tharned.org wrote:
>>>> $ strings $(whence alpine) | grep '^/.*certs$'
>>>> /etc/ssl/certs
>>>
>>> The directory or the certs isn't the problem. Alpine sees the self-signed cert I just made, but complains because it's self-signed, and gives me the choice between saying "yes" every time, and just not checking for certs at all.
>>
>> "sees the self-signed cert"? Have you added it as trusted to the CA as Greg said and wrote what to do?
>
> No. I don't want to deal with a third party "Trusted Party": I want it self-signed. What I was looking for was a way Alpine could be set to check for a cert, warn if the cert is conflicting, but not warn if it's self-signed.

Er, question: what is a self-signed cert? A cert signed with a CA that is itself.
How can a client trust a cert? Because, beginning with the cert presented by the server, the client walks up the cert chain until it reaches either a missing cert or a trusted cert. In the latter case, trust is given -> no warning. In the former case, no trust -> warning.
So, because there is just one certificate involved with self-signed certs, you have to follow Greg's advice and make it trusted on your system.
Maybe Frank-Ulrich's suggestion is even better. Roll your own CA. Mark the CA cert as trusted on your system and sign as many certs with it as you wish.
Steffen Kaiser
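
The chain walk described in the message above, reproduced with `openssl verify` standing in for the mail client. This is an added example, not part of the original message; the host name `mail.example.test`, the CA name "Home CA" and the temporary files are constructed for illustration.

```shell
#!/bin/sh
# Added example. mail.example.test, "Home CA" and the temp files are constructed.
set -u
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# A self-signed cert: openssl req -x509 signs the cert with its own key.
make_self_signed() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=mail.example.test" \
        -keyout "$WORK/self.key" -out "$WORK/self.pem" 2>/dev/null
}

# A private CA, and a server cert signed by that CA.
make_ca_and_leaf() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Home CA" \
        -keyout "$WORK/ca.key" -out "$WORK/ca.pem" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=mail.example.test" \
        -keyout "$WORK/leaf.key" -out "$WORK/leaf.csr" 2>/dev/null &&
    openssl x509 -req -in "$WORK/leaf.csr" -days 30 \
        -CA "$WORK/ca.pem" -CAkey "$WORK/ca.key" -CAcreateserial \
        -out "$WORK/leaf.pem" 2>/dev/null
}

# Issuer and subject are the same name: the chain has exactly one link.
is_self_issued() {
    [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
      "$(openssl x509 -in "$1" -noout -issuer_hash)" ]
}

# verify_with STORE CERT: walk from CERT up to an anchor in STORE.
# Prints "trusted" (no warning) or "warning" (chain ends without trust).
verify_with() {
    if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then
        echo trusted
    else
        echo warning
    fi
}

make_self_signed && make_ca_and_leaf || exit 1
echo "self-signed, not in trust store: $(verify_with "$WORK/ca.pem" "$WORK/self.pem")"
echo "self-signed, added as trusted:   $(verify_with "$WORK/self.pem" "$WORK/self.pem")"
echo "CA-signed, CA marked trusted:    $(verify_with "$WORK/ca.pem" "$WORK/leaf.pem")"
```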