Steve Holdoway wrote:
Jim Cheetham wrote:

Or, create your own CA with OpenSSL (a posh phrase that really means 'generate a couple of specific files'), then create the mail server key signed by that. Import the CA certificate into your email software - it will now accept the mail server key.

... I don't think that's quite enough, is it? Don't you still get questioned as to whether you're prepared to accept the certificate?

"Import the CA certificate into your email software"

The following part of the sentence could have been clearer ...

"it will now accept *any certificate signed by that CA including* the mail server key"

Basically, you *once* (per authentication backend) import the self-created CA certificate, and declare it to be an authority. Then it has an equal rank to the ones that come pre-seeded.

-jim
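
The setup described in this thread, as an added example that is not part of the original messages: a private CA is created, server certificates are signed by it, and `openssl verify` stands in for the mail client after the CA certificate has been imported. All names (Example Private CA, mail.example.org, imap.example.org, Unrelated CA) are constructed, and OpenSSL 1.1.0 or later is assumed.

```shell
#!/bin/sh
# Added example. All names (Example Private CA, mail.example.org, ...) are constructed.

make_ca() {                       # $1 = working directory, $2 = CA common name
    mkdir -p "$1" || return 1
    cat > "$1/ca.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = $2
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    # Self-signed root: ca.key stays private, ca.crt is the file mail clients import.
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
        -config "$1/ca.cnf" -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

issue_cert() {                    # $1 = CA directory, $2 = server hostname
    printf 'basicConstraints=CA:FALSE\nextendedKeyUsage=serverAuth\nsubjectAltName=DNS:%s\n' \
        "$2" > "$1/$2.ext"
    openssl req -new -newkey rsa:2048 -nodes -config "$1/ca.cnf" -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -sha256 -days 365 -extfile "$1/$2.ext" \
        -out "$1/$2.crt" 2>/dev/null
}

trusted_by() {                    # $1 = trusted CA certificate, $2 = certificate to check
    # -no-CApath keeps the system trust store out of the decision.
    openssl verify -no-CApath -CAfile "$1" "$2" >/dev/null 2>&1
}

demo() {
    d=$(mktemp -d) || return 1
    make_ca "$d/ours" "Example Private CA" && make_ca "$d/other" "Unrelated CA" &&
    issue_cert "$d/ours" mail.example.org && issue_cert "$d/ours" imap.example.org &&
    issue_cert "$d/other" mail.example.org || return 1
    for c in "$d/ours/mail.example.org.crt" "$d/ours/imap.example.org.crt" \
             "$d/other/mail.example.org.crt"; do
        if trusted_by "$d/ours/ca.crt" "$c"; then r=accepted; else r=rejected; fi
        echo "${c#"$d"/}: $r"
    done
    rm -rf "$d"
}
demo
```

Both certificates issued under the imported CA are accepted without any per-certificate prompt, which is also why `ca.key` needs protecting: whoever holds it can issue a certificate for any hostname that those clients will accept.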
