[Dovecot] Certificate Server name!
Andy Shellam
andy.shellam-lists at mailnetwork.co.uk
Sun Jul 6 23:59:36 EEST 2008
WJCarpenter wrote:
>
>> Easy! Either connect to imap.tib.com instead of mail.tib.com, or
>> create and install a new security certificate on the server which is
>> for mail.tib.com instead.
>
> Another solution is to obtain and install a wildcard certificate
> (which will be good for all *.tib.com).
> That's the good news. The bad news is that the commercial certificate
> authorities charge extra for wildcard certificates because they know
> they're more valuable to you (and not because it costs them anything
> extra in creating them, except maybe lost sales of certificates for
> specific names).
This is true, but just to resolve a single hostname configuration issue,
and unless the OP has a cluster of servers (e.g. imap1.tib.com,
imap2.tib.com.... imapN.tib.com), it's a bit of overkill.
> BTW, you can get free certificates from http://cacert.org (no
> affiliation except as a user), though the first time your users see
> them they may have to answer a pop-up about a "funny" certificate.
> (My experience is that most users just click OK and don't give it much
> thought. The ones who do think about it tend to be more sophisticated
> anyhow, so they can sort it out rather than just switching off the
> computer in a panic and watching TV for the rest of their lives.)
>
>
I personally use RapidSSL (from a company call Trustico in the UK.)
They cost around £9 per year per domain, and are recognised by major
browsers so no warning messages about untrusted certificates. The only
downside is they don't give any organisational information out (except
that the certificate owner has been verified.)
More information about the dovecot
mailing list