[Users] [Bulk] SSL certificates

Kevin Chadwick ma1l1ists at yahoo.co.uk
Thu Jul 5 20:40:26 CEST 2012


> Hi!  I am back to using Claws Mail again (under Debian, both 32- and
> 64-bit), having too many issues with Thunderbird. 
> 
> I have a question regarding the SSL certificates.  I have some of the
> e-mail server settings set to use SSL connections.  On the server
> certificates, when Claws prompted to save them, I noticed one of them
> had an expiration date later this year and another one expires in 2013.
> 
> Once the certificates are renewed, does Claws automatically search for
> and prompt to save the new certificate again?

Claws doesn't search; it receives a certificate from the mail server and
asks you to manually verify the cert, but (I think?) only if Claws can't
verify it was signed by a certificate authority. If you successfully
manually verified the certs (likely difficult, as you probably don't know
what the fingerprint should be or have a secure channel to find out) and
disabled the CAs, you would actually be more secure. If, as is likely, you
can't verify the certificate's fingerprint, then the window for an
attacker getting you to accept the wrong certificate is still limited to
the first connection each time the certificate is renewed after
expiration.

Before it expires, the server admins will update the certificate and
Claws will likely ask you again (still not signed by a CA) before storing
the new one as validated by you.

-- 
________________________________________________________

 Why not do something good every day and install BOINC.
________________________________________________________
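
The accept-and-store behaviour discussed in this thread, modelled as a small trust-on-first-use pin store. This is an added example, not part of the original message and not Claws Mail's code; the SHA-256 fingerprint format, all class and function names, the host name and the certificate byte strings are assumptions constructed for illustration.

```python
import hashlib

def fingerprint(der: bytes) -> str:
    """Colon-separated SHA-256 fingerprint of a DER-encoded certificate."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

class PinStore:
    """Per-server store of certificates the user accepted by hand."""

    def __init__(self):
        self.pins = {}  # (host, port) -> accepted fingerprint

    def check(self, host, port, der, ca_verified=False):
        """Return 'ca-ok', 'match', 'first' or 'changed' for a presented cert."""
        if ca_verified:
            return "ca-ok"        # chain validated by a trusted CA: no prompt
        pinned = self.pins.get((host, port))
        if pinned is None:
            return "first"        # nothing stored yet: user must decide
        # A differing cert may be a renewal or an interception; the store
        # cannot tell which, so the user is prompted again.
        return "match" if pinned == fingerprint(der) else "changed"

    def accept(self, host, port, der):
        """Record the user's manual decision to trust this certificate."""
        self.pins[(host, port)] = fingerprint(der)

def simulate(events):
    """Run (host, port, der, user_accepts) events; return each verdict."""
    store, verdicts = PinStore(), []
    for host, port, der, user_accepts in events:
        verdict = store.check(host, port, der)
        if verdict in ("first", "changed") and user_accepts:
            store.accept(host, port, der)
        verdicts.append(verdict)
    return verdicts

# Constructed stand-ins for DER certificate bytes (not real certificates).
OLD_CERT = b"constructed-cert-expiring-2012"
NEW_CERT = b"constructed-cert-renewed-2013"
ROGUE_CERT = b"constructed-cert-from-interceptor"
HOST = "mail.example.org"  # hypothetical server
EVENTS = [(HOST, 993, OLD_CERT, True), (HOST, 993, OLD_CERT, True),
          (HOST, 993, NEW_CERT, True), (HOST, 993, ROGUE_CERT, False),
          (HOST, 993, NEW_CERT, True)]

if __name__ == "__main__":
    print(simulate(EVENTS))
```

A legitimate renewal and a substituted certificate both come back as `changed`; only comparing the fingerprint over a separate trusted channel tells them apart.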


