[Dovecot] question about dovecot imap outlook clients
Sabahattin Gucukoglu
mail at sabahattin-gucukoglu.com
Tue Mar 11 12:36:35 EET 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi Joseph,
On 10 Mar 2008 at 16:53, Joseph Norris <jnorris at ucmerced.edu> said:
> on outlook, a message for certificates being trusted comes up, the user
> clicks yes and connection fails.
I can't think why that should happen at all. Outlook uses the same SSL
engine and certificate store as IE and IIS, I.E. the one built into the
Windows NT OS. So at best it should just be a warning that the
certificate isn't trusted that the user can just ignore. If not, it must
be configurable somewhere in Outlook.
> Do I have to get an ssl certificate to make it work? ( cost ouch!)
Theoretically not. But it would be useful to avoid the warnings and give
the users a sense of security.
> Is there a way around this using my own self-signed certificates?
Yes, if you import your certificate into the certificate stores of the
machines your users use as a Trusted Root Certification Authority, you can
use it to certify any host you like. It can be done in quite a few ways,
including with Security Policy, with scripts or by hand.
> Is there a cheaper ssl certificate service?
http://www.cacert.org/ . I've not got enough good things to say about
them. The only real drawback is that initially the certificates only last
six months a time, which turns out to be quite often enough for my small
home site. :-) On the other hand, it's FREE! They have a nice script-
driven installer for the Root Certificate on IE under Windows, which means
even MS Exchange servers can be cacert-powered in no time allowing for
inbound STARTTLS from them (Exchange defaults to paranoia and won't talk
[returns mail] if SSL doesn't verify when available). Nice.
Cheers,
Sabahattin
- --
Sabahattin Gucukoglu <mail<at>sabahattin<dash>gucukoglu<dot>com>
Address harvesters, snag this: feedme at yamta.org
Phone: +44 20 88008915
Mobile: +44 7986 053399
http://sabahattin-gucukoglu.com/
-----BEGIN PGP SIGNATURE-----
Version: PGP 8
Comment: QDPGP - http://community.wow.net/grt/qdpgp.html
iQA/AwUBR9ZgsyNEOmEWtR2TEQIVXQCgpXubZDmf/tbl4PhTBJVMRiV3VtAAn3Yi
wTqt1mzGo1ZECWxPWyyzqlWA
=5+GE
-----END PGP SIGNATURE-----
More information about the dovecot
mailing list