[Users] Accepting certificates emitted by certificate authorities

lists lists at lazygranch.com
Thu Nov 7 21:40:12 CET 2019


A self signed cert isn't in a root store, so I can see why a browser complains. 

There is no issue with certs for those exchanging email with a server using letsencrypt. 

I get the same "problem" with claws, but I think of it more like a feature. It is a notice that letsencrypt is working. The only change I would like to see is that I rather not approve the cert change on every claws email account. 





	  Original Message  



From: jerome at jolimont.fr
Sent: November 7, 2019 1:15 PM
To: users at lists.claws-mail.org
Subject: [Users] Accepting certificates emitted by certificate authorities


Hi.

I just setup my mail server to use letsencrypt to manage certificates.

claws-mail then asked me to validate the certificate. I can understand
this when using a self-signed certificate, but I thought the point of
using a CA like "Let's encrypt" was to avoid this.

I found this thread :

https://claws-mail.org/pipermail/users/2016-August/017194.html

where Paul answers

https://claws-mail.org/pipermail/users/2016-August/017196.html

> Account preference: 'Automatically accept valid certificates'

IIUC, this will accept all valid certificates, in other words I
wouldn't be notified if a self-signed certificate was modified, which
is not really what I intended.

Web browsers, for instance will accept CA signed certs and not prompt
on renewal, but they generally choke on self-signed certs.

My questions are

- Is my understanding correct ?

- Is there a way to achieve what I meant to do (accept CA signed certs
  silently but prompt on modified self-signed cert)? If not, is it
  because it is not that trivial to maintain a list of recognized CA
  like web browsers do?

- Out of curiosity, how does claws-mail behave with common e-mail
  providers (gmail, yahoo, etc.) ? Are users prompted when the cert
  changes ? Maybe the change is not as frequent as when using let's
  encrypt...

If I'm misleaded, suggestions welcome, of course.

Thanks.

--
Jérôme
_______________________________________________
Users mailing list
Users at lists.claws-mail.org
https://lists.claws-mail.org/cgi-bin/mailman/listinfo/users


More information about the Users mailing list