Kebba Foon wrote:
Hi List,
is it advisable to sign your own certificates to use on a production
environment?
IMNSHO, depends more on your client count and type than on the mechanics
of the cert and ca.
- server-to-server SSL/TLS transfers do not ordinarily 'care' about the
credentials of the ca unless TOLD to do so (still rare).
- end-user MUA submission (and POP/IMAP recovery - not Exim issues, but
MAY use same certs), DO 'care', at least the first time, and sometimes
EVERY time.
- If you serve one or a few multi-seat user groups with slow/low staff
turnover such as SOHO, SME, where one set of training and instructions
as to how to configure tha MUA(s) to accept a self-signed cert are
low-hassle and low support workload/cost? Self-signed will work fine.
- If you are a sizable ISP, ISP-like portal, or otherwise have a larger
user community, higher turover, harder time 'reaching' users to explain
MUA configuration ... then the relatively small cost of open/community
or for-fee commercial cert & ca becomes cheaper than support workload
costs 'Real Soon Now'.
Starting with a self-signed and switching to one from a recognized CA
if/as/when you hit the point where it justifies the cost is probably as
good a way forward as any other..
Bill
--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
