[Users] Accepting certificates emitted by certificate authorities
Jérôme
jerome at jolimont.fr
Thu Nov 7 21:15:28 CET 2019
Hi.
I just set up my mail server to use letsencrypt to manage certificates.
claws-mail then asked me to validate the certificate. I can understand
this when using a self-signed certificate, but I thought the point of
using a CA like "Let's encrypt" was to avoid this.
I found this thread:
https://claws-mail.org/pipermail/users/2016-August/017194.html
where Paul answers
https://claws-mail.org/pipermail/users/2016-August/017196.html
> Account preference: 'Automatically accept valid certificates'
IIUC, this will accept all valid certificates, in other words I
wouldn't be notified if a self-signed certificate was modified, which
is not really what I intended.
Web browsers, for instance, will accept CA signed certs and not prompt
on renewal, but they generally choke on self-signed certs.
My questions are
- Is my understanding correct?
- Is there a way to achieve what I meant to do (accept CA signed certs
silently but prompt on modified self-signed cert)? If not, is it
because it is not that trivial to maintain a list of recognized CA
like web browsers do?
- Out of curiosity, how does claws-mail behave with common e-mail
providers (gmail, yahoo, etc.)? Are users prompted when the cert
changes? Maybe the change is not as frequent as when using let's
encrypt...
If I'm misled, suggestions welcome, of course.
Thanks.
--
Jérôme
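
The policy asked about above (accept CA-validated certificates silently, prompt only when a certificate that fails CA validation is new or differs from the one approved earlier), as an added example that is not part of the original post and is not Claws Mail code. The function names, the in-memory `pins` dictionary and the use of port 993 (implicit-TLS IMAP) are assumptions made for illustration.

```python
import hashlib
import socket
import ssl

def fetch_leaf(host, port=993, timeout=10):
    """Return (der_cert, ca_valid) for an implicit-TLS service such as IMAPS."""
    try:
        ctx = ssl.create_default_context()  # system CA store + hostname check
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return tls.getpeercert(binary_form=True), True
    except ssl.SSLCertVerificationError:
        pass
    # Second handshake without verification, used only to read the
    # certificate for fingerprinting; no application data is sent over it.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True), False

def decide(host, der_cert, ca_valid, pins):
    """Return 'accept', 'prompt-new' or 'prompt-changed'.

    pins maps host -> SHA-256 hex fingerprint the user approved earlier
    (hypothetical store; a real client would persist it on disk).
    """
    if ca_valid:
        return "accept"          # CA-signed: renewals pass silently
    fingerprint = hashlib.sha256(der_cert).hexdigest()
    known = pins.get(host)
    if known is None:
        return "prompt-new"      # first contact with an untrusted cert
    if known == fingerprint:
        return "accept"          # same cert the user approved before
    return "prompt-changed"      # untrusted cert differs from the pin

def approve(host, der_cert, pins):
    """Record the user's approval of a certificate that failed CA validation."""
    pins[host] = hashlib.sha256(der_cert).hexdigest()
```
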