On 2012-11-23 at 19:37 -0700, The Doctor wrote: > Which is the best CS Cert vendor for Exim?
Define "CS Cert"? The only CS I know in certificate context is "Code Signing", which is irrelevant. I'm guessing you're just after a Certificate Authority. For what purpose, with what user base? If you mean port 25 MX, then there's currently no verification and the only proposal to add verification will use DNSSEC/DANE as a trust anchor, so the a X.509 PKI CA is irrelevant. Sign yourself, or use CACert to get something which other technical folks can verify, don't pay money. If you mean for port 587 (or 465) then the issue is entirely one of getting the CA root cert into the mail-client or system for all clients who can legitimately access it. The choice then depends upon how many people, how clueful they are, how much control you have over their systems, whether you're one organisation, etc. For high assurance requirements such as banking organisations, you pay for an EV cert. For most people running personal services it might be CA Cert or an in-house Cert. Otherwise, it's probably "the cheapest one that's still in most clients". StartSSL certs from StartCom in Israel are free for many simple cases and will probably work. Worst case, you lose a little time learning enough through mistakes in your first deployment and start over, either paying or not. If you're part of a larger organisation, then it's "whichever CA your security team likes", because they'll typically be the one monitoring the services, making sure certificates get renewed and so on. -Phil -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
