Stunnel4

Jorge,

This is normal behaviour for self-signed certificates.  The
problem is 
that a mail client doesn't know to trust the self-signed
certificate, 
because the mail client doesn't know to trust the
signature.

A certificate signed by a recognised CA (Certification
Authority) will 
bypass this message, because Thunderbird (and Outlook
Express, and other 
SSL clients) have lists of "trusted" root CAs.

In Thunderbird, click "Tools -> Options ->
Privacy -> Security -> View 
Certificates -> Authorities" to view the list of
trusted authorities. 
The Import button can be used to add additional authorities,
but you 
will need to do this for every user to avoid the message.

So, the choice reduces to:
1. paying someone on that list to sign your certificate, OR
2. adding yourself to that list on every workstation, OR
3. ignoring the message.

As stated earlier by Paul, any SSL howto will explain this
more fully.

Michael.


Jorge Bastos wrote:
> I tryed with thunderbird and there the same warning
about it cannot validate the cerficate or something.
> I created the certificate using the script that is in
the wiki.
> 
> 
>   ----- Original Message ----- 
>   From: Jorge Bastos 
>   To: dbmaildbmail.org 
>   Sent: Saturday, July 22, 2006 9:39 PM
>   Subject: [Dbmail] Stunnel4
> 
> 
>   Hi,
> 
>   I've configured stunnel4 as the wiki in:
> 
>   http:/
/dbmail.org/dokuwiki/doku.php?id=stunnel
> 
>   But when i try to connect to imap via SSL i have a
warning like i show in a attach picture.
>   Could this be a problem with outlook express, maybe
deprecated, stunnel or some dbmail-imapd problem?
>   I didn't tryed with tunderbird for example, going to
download the setup and install and try and i'll give some
feedback.
> 
>   Jorge
_______________________________________________
Dbmail mailing list
Dbmaildbmail.org
htt
ps://mailman.fastxs.nl/mailman/listinfo/dbmail

How I've done it: I made my CA with OpenSSL, made a root
certificate, 
created a certificate for Stunnel and signed it with my root

certificate. And then imported the root certificate on all
the hosts on 
my network (which is not large) via Active Directory. Now
Thunderbird, 
OE and Outlook seem to work fine with Stunnel (one problem
is The Bat!, 
I had to import the certificate manually).
I did almost the same thing with some services on my network
powered by 
Apache (incl. SquirrelMail for DBMail), that also use SSL
with that very 
root certificate.



Michael Ritchie ?????:
> Jorge,
>
> This is normal behaviour for self-signed certificates.
The problem is 
> that a mail client doesn't know to trust the
self-signed certificate, 
> because the mail client doesn't know to trust the
signature.
>
> A certificate signed by a recognised CA (Certification
Authority) will 
> bypass this message, because Thunderbird (and Outlook
Express, and 
> other SSL clients) have lists of "trusted"
root CAs.
>
> In Thunderbird, click "Tools -> Options ->
Privacy -> Security -> View 
> Certificates -> Authorities" to view the list
of trusted authorities. 
> The Import button can be used to add additional
authorities, but you 
> will need to do this for every user to avoid the
message.
>
> So, the choice reduces to:
> 1. paying someone on that list to sign your
certificate, OR
> 2. adding yourself to that list on every workstation,
OR
> 3. ignoring the message.
>
> As stated earlier by Paul, any SSL howto will explain
this more fully.
>
> Michael.
>
>
> Jorge Bastos wrote:
>> I tryed with thunderbird and there the same warning
about it cannot 
>> validate the cerficate or something.
>> I created the certificate using the script that is
in the wiki.
>>
>>
>> ----- Original Message ----- From: Jorge Bastos To:
dbmaildbmail.org 
>> Sent: Saturday, July 22, 2006 9:39 PM
>> Subject: [Dbmail] Stunnel4
>>
>>
>> Hi,
>>
>> I've configured stunnel4 as the wiki in:
>>
>> http:/
/dbmail.org/dokuwiki/doku.php?id=stunnel
>>
>> But when i try to connect to imap via SSL i have a
warning like i 
>> show in a attach picture.
>> Could this be a problem with outlook express, maybe
deprecated, 
>> stunnel or some dbmail-imapd problem?
>> I didn't tryed with tunderbird for example, going
to download the 
>> setup and install and try and i'll give some
feedback.
>>
>> Jorge
> _______________________________________________
> Dbmail mailing list
> Dbmaildbmail.org
> htt
ps://mailman.fastxs.nl/mailman/listinfo/dbmail
>


-- 
Best regards,
Danil V. Gerun.

_______________________________________________
Dbmail mailing list
Dbmaildbmail.org
htt
ps://mailman.fastxs.nl/mailman/listinfo/dbmail