On 27 Sep 2008 at 13:22, mouss wrote:
> if you have a commercial cert, you don't need a self signed cert. self > signed certs are for people who don't want to get a cert signed by a 3d > party (commercial or other). For email, you generally don't need a > commercial certificate because your users know you and you know them, > and because users don't connect to thousand imap servers. Huh? I am looking to implement client side certificates which have to be installed on the end user device before they are able to connect to my mailserver. I already have a commercial cert on the mailserver so that's a moot point. Secondly a client cert allows me to verify that the device connecting is allowed, this is secondary to any login info the user may have, ie 2 factor authentication, something you know (uid/password) and something you have (certificate). -- Harondel J. Sibble Sibble Computer Consulting Creating solutions for the small business and home computer user. [EMAIL PROTECTED] (use pgp keyid 0x3AD5C11D) http://www.pdscc.com (604) 739-3709 (voice/fax) (604) 686-2253 (pager)