[Users] Accepting certificates emitted by certificate authorities

Jérôme jerome at jolimont.fr
Thu Nov 7 21:15:28 CET 2019


I just set up my mail server to use letsencrypt to manage certificates.

claws-mail then asked me to validate the certificate. I can understand
this when using a self-signed certificate, but I thought the point of
using a CA like "Let's Encrypt" was to avoid this.

I found this thread:


where Paul answers


> Account preference: 'Automatically accept valid certificates'

IIUC, this will accept all valid certificates, in other words I
wouldn't be notified if a self-signed certificate was modified, which
is not really what I intended.

Web browsers, for instance, will accept CA-signed certs and not prompt
on renewal, but they generally choke on self-signed certs.

My questions are

- Is my understanding correct?

- Is there a way to achieve what I meant to do (accept CA signed certs
  silently but prompt on modified self-signed cert)? If not, is it
  because it is not that trivial to maintain a list of recognized CA
  like web browsers do?

- Out of curiosity, how does claws-mail behave with common e-mail
  providers (gmail, yahoo, etc.)? Are users prompted when the cert
  changes ? Maybe the change is not as frequent as when using let's

If I'm misled, suggestions welcome, of course.
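
The policy asked about in the second question (accept CA-signed certificates silently, prompt only when a certificate that fails CA validation is new or has changed), written out as an added Python example; it is not Claws Mail code and not part of the original post. The names `decide`, `approve`, `probe` and the in-memory `pins` dict are hypothetical, and implicit TLS on port 993 is an assumption.

```python
import hashlib
import socket
import ssl

ACCEPT, PROMPT_NEW, PROMPT_CHANGED = "accept", "prompt-new", "prompt-changed"

def decide(host, ca_valid, der_cert, pins):
    """Return the action for one connection; `pins` maps host -> SHA-256 hex."""
    if ca_valid:
        # Chain and hostname verified against the system trust store,
        # so a renewed CA-signed certificate passes without a prompt.
        return ACCEPT
    fingerprint = hashlib.sha256(der_cert).hexdigest()
    known = pins.get(host)
    if known is None:
        return PROMPT_NEW       # untrusted certificate seen for the first time
    if known == fingerprint:
        return ACCEPT           # exactly the certificate the user approved
    return PROMPT_CHANGED       # untrusted certificate differs from the pin

def approve(host, der_cert, pins):
    """Record the user's decision to trust this exact certificate."""
    pins[host] = hashlib.sha256(der_cert).hexdigest()

def probe(host, port=993, timeout=10):
    """Connect with implicit TLS and return (ca_valid, der_cert)."""
    strict = ssl.create_default_context()   # system CA list, hostname check on
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with strict.wrap_socket(sock, server_hostname=host) as tls:
                return True, tls.getpeercert(binary_form=True)
    except ssl.SSLCertVerificationError:
        pass
    # Validation failed: reconnect unverified only to fingerprint the
    # certificate. No credentials may be sent until decide() returns ACCEPT.
    loose = ssl.create_default_context()
    loose.check_hostname = False
    loose.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with loose.wrap_socket(sock, server_hostname=host) as tls:
            return False, tls.getpeercert(binary_form=True)
```
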



