How I've done it: I made my CA with OpenSSL, made a root certificate,
created a certificate for Stunnel and signed it with my root
certificate. And then imported the root certificate on all the hosts on
my network (which is not large) via Active Directory. Now Thunderbird,
OE and Outlook seem to work fine with Stunnel (one problem is The Bat!,
I had to import the certificate manually).
I did almost the same thing with some services on my network powered by
Apache (incl. SquirrelMail for DBMail), that also use SSL with that very
root certificate.
Michael Ritchie ?????:
Jorge,
This is normal behaviour for self-signed certificates. The problem is
that a mail client doesn't know to trust the self-signed certificate,
because the mail client doesn't know to trust the signature.
A certificate signed by a recognised CA (Certification Authority) will
bypass this message, because Thunderbird (and Outlook Express, and
other SSL clients) have lists of "trusted" root CAs.
In Thunderbird, click "Tools -> Options -> Privacy -> Security -> View
Certificates -> Authorities" to view the list of trusted authorities.
The Import button can be used to add additional authorities, but you
will need to do this for every user to avoid the message.
So, the choice reduces to:
1. paying someone on that list to sign your certificate, OR
2. adding yourself to that list on every workstation, OR
3. ignoring the message.
As stated earlier by Paul, any SSL howto will explain this more fully.
Michael.
Jorge Bastos wrote:
I tryed with thunderbird and there the same warning about it cannot
validate the cerficate or something.
I created the certificate using the script that is in the wiki.
----- Original Message ----- From: Jorge Bastos To: [email protected]
Sent: Saturday, July 22, 2006 9:39 PM
Subject: [Dbmail] Stunnel4
Hi,
I've configured stunnel4 as the wiki in:
http://dbmail.org/dokuwiki/doku.php?id=stunnel
But when i try to connect to imap via SSL i have a warning like i
show in a attach picture.
Could this be a problem with outlook express, maybe deprecated,
stunnel or some dbmail-imapd problem?
I didn't tryed with tunderbird for example, going to download the
setup and install and try and i'll give some feedback.
Jorge
_______________________________________________
Dbmail mailing list
[email protected]
https://mailman.fastxs.nl/mailman/listinfo/dbmail
--
Best regards,
Danil V. Gerun.
