On 09.08.2017 17:20, Alef Veld wrote:

> So i’m using dovecot, and i created a self signed certificate with
> mkcert.sh based on dovecot-openssl.cnf. The name in there matches my
> mail server.
> The first time it connects in mac mail however, it says the certificate
> is invalid and another server might pretend to be me etc.

This is to be expected for self-signed certificates. The MUA (Apple Mail
in your case) cannot know that the certificate is trusted until you
confirm it.

For certificates signed by third parties, the client (or OS) performs
the same checks. If a chain of trust can be established based on the
client/OS certificate store, which comes pre-populated with well-known
third party CA certificates, allowing to verify certificate signatures,
your MUA will trust the presented certificate without you confirming it.

I recommend you look into using a free Let's Encrypt certificate (see
https://letsencrypt.org/) instead of a self-signed certificate.


Reply via email to