31 aug 2018 kl. 19:47 skrev Chuck Campbell <campbell at accelinc.com>: > I am getting myself confused, and need someone who fully understands this process to help me out a bot. > > I would like to obtain an ssl certificate, so I can run my own imap server on a machine in my office. > > My domain is hosted by networksolutions, but I don't run my imap server there. > > I am assuming I'll need to pay a CA to generate what I need, but I'm confused about what I need. I am running dovecot at teh moment, but my clients (iphone, windows laptops) say my ssl connection is not trusted. The phone just won't connect. > > I tried emailing the dovecot.pem file to my phone and installing it, but it just says it is not trusted. > > This leads me to obtaining a real CA issued certificate. I'm not sure what to do with it, once I get one, and then if I need to subsequently regenerate my dovecot.pem file?? Nope, you don't have to pay for a certificate at one of the traditional CAs, you can use Let's Encrypt to have free but fully valid certificates for your server. See https://letsencrypt.org/ for more information. I can recommend https://github.com/xenolf/lego for use on your server, but there are many different LE clients out there. If your phone does not already trust Let's Encrypt's CAs, you should be able to install their certificates to get it working. I suggest you start by getting a cert onto your server and take it from there though. Regards, Leo