On 12/10/2021 10:36, Jerry Malcolm wrote: > Benoit, > > I was thrilled to see the option for creating a direct keystore > without having to go through the every-3-month LetsEncrypt and the > manual commands to create the keystore file. But as soon as I put the > new keystore file in and tried to send an email, Thunderbird told me > that the certificate was bad since it was self-signed and no > 'reputable' business would ask the user for an exception to a > certificate, and I needed to 'fix my configuration'. Correct.
Self signed certificates could be bypassed in thunderbird configuration as far as I know. > > Ok, I know it's self-signed. I think I already know the answer to > this question.... but just confirming. Is there anything else I can > do to make Thunderbird and other email clients accept this cert? Or > is it back to LetsEncrypt and the continuous 3 month renewal process? Yes very likely. > > Just out of curiosity, if indeed email clients are not going to like > the self-signed, in what situations is it a useful cert? TLS is useful for encryption though self signed certificate do not allow to identify the server they are still useful. > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: server-dev-unsubscr...@james.apache.org > For additional commands, e-mail: server-dev-h...@james.apache.org > > --------------------------------------------------------------------- To unsubscribe, e-mail: server-dev-unsubscr...@james.apache.org For additional commands, e-mail: server-dev-h...@james.apache.org
