On Fri, 24 Jul 2009, Bob Hoffman wrote:
> Comes down I believe to the need to get a CA for dovecot's pem files or I will always get an error.
You've got to tell your mail client to trust either the dovecot certificate or the CA cert that signed it.
The procedure for doing so varies with your mail client. The message you sent to the list came from Outlook. Is that the client you typically use?
> Trying not to buy an SSL for my private mail, doesn't seem like something you would need just to get access to your own mail, so no trusted CA there (ssh does not require trusted dang it).
> The idea floated as a thought in some channels is to make a sort of self-trusted CA on your server for dovecot. But no examples of this can be found, so if anyone has knowledge, all ears here.
The easy-rsa scripts that ship with OpenVPN might be helpful to you. Grab the latest openvpn distribution:
http://openvpn.net/index.php/open-source/downloads.html
Then have a look at the easy-rsa instructions:
http://openvpn.net/index.php/open-source/documentation/miscellaneous/77-rsa-...
You'll end up with a roll-your-own certificate authority (CA) and scripts to build a certificate for your dovecot server.
Then use the Windows key-management system to import the CA's public certificate. At that point Outlook ought to trust your dovecot certificate.
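
Added example, not part of the original message: the same end result (a private CA plus a dovecot certificate signed by it) built with plain `openssl` commands rather than the easy-rsa scripts, followed by the check a client would perform. The host name `mail.example.com`, the CA name, the file names and the function names are assumptions.

```shell
#!/usr/bin/env bash
# Added example: private CA and a dovecot server certificate with plain openssl.
# Host name, CA name and file names are assumptions; substitute your own.
set -eu

make_dovecot_pki() {   # usage: make_dovecot_pki <output-dir> <mail-host-name>
    dir=$1; host=$2
    mkdir -p "$dir"
    (
        cd "$dir"
        umask 077      # private keys must not be readable by other users
        # Self-contained config so the result does not depend on the system openssl.cnf.
        cat > ca.cnf <<'EOF'
[req]
distinguished_name = dn
x509_extensions    = v3_ca
prompt             = no
[dn]
CN = Private Mail CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage         = critical,keyCertSign,cRLSign
EOF
        # 1. CA key and self-signed CA certificate; ca.crt is what mail clients import.
        openssl req -x509 -config ca.cnf -newkey rsa:2048 -nodes -sha256 \
            -days 3650 -keyout ca.key -out ca.crt
        # 2. Server key and signing request for the name clients connect to.
        openssl req -new -config ca.cnf -subj "/CN=$host" -newkey rsa:2048 \
            -nodes -sha256 -keyout dovecot.key -out dovecot.csr
        # 3. Leaf extensions: not a CA, TLS server use only, host name in the SAN.
        printf '%s\n' 'basicConstraints=CA:FALSE' \
            'keyUsage=digitalSignature,keyEncipherment' \
            'extendedKeyUsage=serverAuth' "subjectAltName=DNS:$host" > server.ext
        # 4. Sign the request with the CA key.
        openssl x509 -req -in dovecot.csr -CA ca.crt -CAkey ca.key \
            -CAcreateserial -sha256 -days 825 -extfile server.ext -out dovecot.crt
    )
}

# Client-side check: chain to the private CA, server purpose, matching host name.
verify_dovecot_cert() {   # usage: verify_dovecot_cert <dir> <host-name>
    openssl verify -CAfile "$1/ca.crt" -purpose sslserver \
        -verify_hostname "$2" "$1/dovecot.crt" >/dev/null 2>&1
}
```

Only `ca.crt` is imported into the client's trust store; `dovecot.crt` and `dovecot.key` go to the dovecot server, and `ca.key` is best kept off the mail server once the certificate is signed.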