Quote from jeffrey j donovan <dono...@beth.k12.pa.us>:

Greetings

I need some user opinions on obtaining certificates. Free or purchase?

I have a bank of relays and imap servers running in my intranet. We have been using self-signed certs forever, but I am thinking that a free "comodo" style cert may work in this case. But I know absolutely nothing about these in use with email, and I am really confused about the different certificate types, what I should use, and where to get them.
Good, bad, indifferent, is there a better way?

Systems I'm looking at:

primary mx
primary dns

relays (1,2,3)
imap/pop (1,2,3,4) webmail/apache

My primary concern is the smtp relays I have set up for external authentication. Any advice would be helpful.

With self-signed certificates, the users are bothered to decide whether they want to trust your certs, and most of the time they are not able to make a well-founded decision. So you should strive to use certificates which are known to the clients used by your userbase at the points where your users connect to your service. This will include
- IMAP-TLS/SSL
- POP3-TLS/SSL
- HTTPS
- SMTP-Submission with TLS

The downside of not using self-signed certificates is the need to replace the certificates at the end of their validity, which is rather short compared to what is possible when self-signing.

You may have a look here for "well-known" cheap certificates

http://www.startssl.com

or here for certificates from a community root-CA

http://www.cacert.org

Regards

Andreas

