On Tue, 2011-04-05 at 09:22 +0000, W B Hacker wrote: > Kebba Foon wrote: > > Hi List, > > > > is it advisable to sign your own certificates to use on a production > > environment? > > > > > > > > IMNSHO, depends more on your client count and type than on the mechanics > of the cert and ca. > > - server-to-server SSL/TLS transfers do not ordinarily 'care' about the > credentials of the ca unless TOLD to do so (still rare).
Its for server-to-server transfers, it seems that there is a mail server that wont talk on plain text to my server, it always want to do starttls. > - end-user MUA submission (and POP/IMAP recovery - not Exim issues, but > MAY use same certs), DO 'care', at least the first time, and sometimes > EVERY time. Am not sure how to make the setting only do MTA to MTA and not with the MUA(s), maybe there is a setting to turn this of. on my config am doing tls_advertise_hosts = * > - If you serve one or a few multi-seat user groups with slow/low staff > turnover such as SOHO, SME, where one set of training and instructions > as to how to configure tha MUA(s) to accept a self-signed cert are > low-hassle and low support workload/cost? Self-signed will work fine. > > - If you are a sizable ISP, ISP-like portal, or otherwise have a larger > user community, higher turover, harder time 'reaching' users to explain > MUA configuration ... then the relatively small cost of open/community > or for-fee commercial cert & ca becomes cheaper than support workload > costs 'Real Soon Now'. yea i have a few thousand users on my system currently, and been have lots of trouble lately. > Starting with a self-signed and switching to one from a recognized CA > if/as/when you hit the point where it justifies the cost is probably as > good a way forward as any other.. I will probably be testing this first with my self-sign certificate and see how things turn our. > > Bill > > Kebba -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
