------------ Original Message ------------
Date: Tuesday, December 24, 2013 12:57:53 AM +1100
From: nanotek <nano...@bsdbox.co>
To: postfix-users@postfix.org
Subject: Certificate Error (android client)

I am receiving a "Certificate Error" when sending mail from K-9 on
my android. I do not receive any error on my PC client
(Thunderbird).

I only have a self-signed public certificate and private key
configured for use by Postfix. Should I create my own Certificate
Authority and cat its certificate into a .chn file with the
Postfix server certificate and use this instead of the standalone
Postfix cert?

Or should I create my own CA and just make use of the:

$smtpd_tls_CAfile
$smtpd_tls_CApath

options in main.cf? Same result, I gather, via different means.
But will it resolve this K-9 error? Thanks.


Did you just upgrade to k9-4.802? They made some changes to the
their certificate code and the change log notes indicate that you'll
need to manually re-accept certificates that you manually accepted
previously (e.g., self-signed certs) ... and I can confirm this.

Once accepted I don't think you'll get prompted again -- I haven't.


     - Richard




Wow. I feel foolish.

Yes: I did just upgrade. After having re-accepted my certificate, I can
now send mail sans said error. Thanks, Richard.

Still, might be a good time to create my own CA and upgrade to 4096 bit
keys/certificates using SHA512 algorithms and make use of some
Diffie-Hellman ephemeral elliptic curve parameters for perfect forward
secrecy. I've read http://www.postfix.org/TLS_README.html -- Postfix
documentation is exceptional by the way -- are there any guides for DHE?


--
syn.bsdbox.co


Reply via email to