On Fri, 24 Jul 2009, Bob Hoffman wrote:

>>> Comes down I believe to the need to get a CA for dovecot's pem
>>> files or I will always get an error.
>>
>> You've got to tell your mail client to trust either the dovecot
>> certificate or the CA cert that signed it.
>>
>> The procedure for doing so varies with your mail client. The
>> message you sent to the list came from Outlook. Is that the client
>> you typically use?
>
> Trying not to buy a ssl for my private mail, doesn't seem like
> something you would need just to get access to your own mail, so no
> trusted CA there (ssh does not require trusted dang it).
>
> The idea floated as a thought in some channels is to make a sort of
> self-trusted CA on your server for dovecot. But no examples of this
> can be found, so if anyone has knowledge, all ears here.

The easy-rsa scripts that ship with OpenVPN might be helpful to you.
Grab the latest openvpn distribution:

  http://openvpn.net/index.php/open-source/downloads.html

Then have a look at the easy-rsa instructions:

  http://openvpn.net/index.php/open-source/documentation/miscellaneous/77-rsa-key-management.html

You'll end up with a roll-your-own certificate authority (CA) and
scripts to build a certificate for your dovecot server. Then use the
Windows key-management system to import the CA's public certificate.
At that point Outlook ought to trust your dovecot certificate.

-- 
Paul Heinlein <> heinlein at madboa.com <> http://www.madboa.com/
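
The roll-your-own CA described in the reply above, as an added example that is not part of the original message: it calls openssl directly rather than the easy-rsa scripts, and the hostname, subject names, file names, key sizes and validity periods are all assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): private CA plus a CA-signed
# server certificate. All names and lifetimes below are assumptions.

make_private_ca() {
    # $1 = output directory, $2 = hostname the mail client connects to
    dir=$1 host=$2
    mkdir -p "$dir" && chmod 700 "$dir" || return 1

    # 1. CA private key and self-signed CA certificate.
    #    ca.crt is the only file the mail client ever needs to import.
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
        -subj "/CN=Private Mail CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || return 1

    # 2. Server private key and certificate signing request.
    openssl req -newkey rsa:2048 -nodes -sha256 \
        -subj "/CN=$host" \
        -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null || return 1

    # 3. Leaf extensions: not a CA, server use only, and a subjectAltName
    #    matching the name the client uses to reach the server.
    printf 'basicConstraints=CA:FALSE\nextendedKeyUsage=serverAuth\nsubjectAltName=DNS:%s\n' \
        "$host" > "$dir/server.ext"

    # 4. Sign the request with the CA key.
    openssl x509 -req -sha256 -days 825 -in "$dir/server.csr" \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -extfile "$dir/server.ext" -out "$dir/server.crt" 2>/dev/null || return 1

    # Private keys stay readable by their owner only.
    chmod 600 "$dir/ca.key" "$dir/server.key"
}

chain_ok() {
    # $1 = CA certificate, $2 = server certificate.
    # Succeeds only if the server certificate chains to that CA.
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Usage: sh make-ca.sh ./pki mail.example.test
if [ "$#" -eq 2 ]; then
    make_private_ca "$1" "$2" && chain_ok "$1/ca.crt" "$1/server.crt" \
        && echo "server.crt chains to ca.crt"
fi
```

Import `ca.crt` (never `ca.key`) into the Windows certificate store as a trusted root; `server.crt` and `server.key` are the pair the dovecot server presents.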