On Thu, 24 Nov 2016, Steve Litt wrote:
> On Thu, 24 Nov 2016 07:52:51 +0100 (CET)
> Steffen Kaiser <skdove...@smail.inf.fh-brs.de> wrote:
>> On Wed, 23 Nov 2016, Steve Litt wrote:
>>
>>> On Wed, 23 Nov 2016 16:04:22 -0600 (CST) Greg Rivers
>>> <gcr+dove...@tharned.org> wrote:
>>>> $ strings $(whence alpine) | grep '^/.*certs$'
>>>> /etc/ssl/certs
>>>
>>> The directory or the certs isn't the problem. Alpine sees the
>>> self-signed cert I just made, but complains because it's
>>> self-signed, and gives me the choice between saying "yes" every
>>> time, and just not checking for certs at all.
>>
>> "sees the self-signed cert"?
>> Have you added it as trusted to the CA, as Greg said and wrote what
>> to do?
>
> No. I don't want to deal with a third party "Trusted Party": I want it
> self-signed. What I was looking for was a way Alpine could be set to
> check for a cert, warn if the cert is conflicting, but not warn if it's
> self-signed.

Er, question: what is a self-signed cert?
A cert signed with a CA that is itself.

How can a client trust a cert?
Because beginning with the cert presented by the server, the client walks up the cert chain, until it reaches either a missing cert or a trusted cert.
In the latter case, trust is given -> no warning.
In the first case, no trust -> warning.

So, because there is just one certificate involved with self-signed certs, you have to follow Greg's advice and make it trusted on your system.

Maybe Frank-Ulrich's suggestion is even better. Roll your own CA. Mark the CA cert as trusted on your system and sign as many certs with it as you wish.

-- Steffen Kaiser
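The chain walk described in the message above, reproduced with `openssl verify` as an added example (not part of the original message, and not Alpine's own code). It assumes OpenSSL 1.1.0 or later; the names `mail.example.test` and "Home CA" are constructed, and all keys are throwaway files in a temp directory.

```shell
#!/bin/sh
# Added example. Constructed names: mail.example.test, "Home CA".
# Throwaway keys and certs are written to a temp directory.
D=$(mktemp -d)

# trusted CERT [ANCHORS]: succeed if the chain from CERT ends at a cert in
# ANCHORS. The system CA directory and file are ignored so only ANCHORS counts.
trusted() {
    if [ -n "${2:-}" ]; then
        openssl verify -no-CApath -CAfile "$2" "$1" >/dev/null 2>&1
    else
        openssl verify -no-CApath -no-CAfile "$1" >/dev/null 2>&1
    fi
}

# new_selfsigned NAME CN: key plus a cert whose issuer is its own subject
new_selfsigned() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2" \
        -keyout "$D/$1.key" -out "$D/$1.pem" 2>/dev/null
}

# new_signed NAME CN CA: key plus a cert issued by the CA named CA
new_signed() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$D/$1.key" -out "$D/$1.csr" 2>/dev/null &&
    openssl x509 -req -in "$D/$1.csr" -days 30 -CA "$D/$3.pem" \
        -CAkey "$D/$3.key" -CAcreateserial -out "$D/$1.pem" 2>/dev/null
}

new_selfsigned solo mail.example.test    # the self-signed server cert
new_selfsigned ca "Home CA"              # roll-your-own CA
new_signed srv mail.example.test ca      # server cert issued by that CA

report() {
    if trusted "$2" "${3:-}"; then echo "$1: trusted"; else echo "$1: warning"; fi
}
report "self-signed, not in trust store" "$D/solo.pem"
report "self-signed, added as trusted"   "$D/solo.pem" "$D/solo.pem"
report "CA-signed, CA cert missing"      "$D/srv.pem"
report "CA-signed, CA cert trusted"      "$D/srv.pem" "$D/ca.pem"
```

Only the second and fourth cases print "trusted": the walk has to end at a certificate the client already holds, whether that is the self-signed cert itself or the CA that issued it.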
