Updated my Dovecot certificate for the first time

Andrew McGlashan andrew.mcglashan at affinityvision.com.au
Thu Nov 24 15:55:10 UTC 2016



On 25/11/16 02:37, Steve Litt wrote:
>> "sees the self-signed cert"?
>> Have you added it as trusted to the CA as Greg said and wrote what
>> to do?
> 
> No. I don't want to deal with a third party "Trusted Party": I want it
> self-signed. What I was looking for was a way Alpine could be set to
> check for a cert, warn if the cert is conflicting, but not warn if it's
> self-signed.

I used self-signed certs for ages; when I did so, I installed MY OWN
root CA into various machines as needed -- sometimes that meant in
multiple locations (one for IE and Chrome in Winblows world and another
place for Firefox).

Anyway, that has all stopped now as I use Let's Encrypt certs everywhere
without any problems.

My exim4 has the updated cert, the same cert goes to my webserver and
gets pointed to for dovecot.  No more issues of self-signed certs, I can
even have lots of related sub-domains to make it even better without
needing lots of different certs.

There is one advantage of using self-signed, that is, you get to trust
yourself and the certs 100%, but others won't do so; so, all in all, it
is better to use official certs that are widely accepted.

I sure understand that the world of zillions of CAs to trust is a woeful
one, but it works better than the trouble of using self-signed certs.

NB: I don't do full auto certs, I have a process where I put servers in
maintenance mode and manually update the certs, put them in place and
restart all the services that use them.... apache2, exim4, dovecot,
ejabber -- all using LE certs.

Cheers
AndrewM
