[Users] Accepting certificates emitted by certificate authorities
lists at lazygranch.com
Thu Nov 7 21:40:12 CET 2019
A self signed cert isn't in a root store, so I can see why a browser complains.
There is no issue with certs for those exchanging email with a server using letsencrypt.
I get the same "problem" with claws, but I think of it more like a feature. It is a notice that letsencrypt is working. The only change I would like to see is that I rather not approve the cert change on every claws email account.
From: jerome at jolimont.fr
Sent: November 7, 2019 1:15 PM
To: users at lists.claws-mail.org
Subject: [Users] Accepting certificates emitted by certificate authorities
I just setup my mail server to use letsencrypt to manage certificates.
claws-mail then asked me to validate the certificate. I can understand
this when using a self-signed certificate, but I thought the point of
using a CA like "Let's encrypt" was to avoid this.
I found this thread :
where Paul answers
> Account preference: 'Automatically accept valid certificates'
IIUC, this will accept all valid certificates, in other words I
wouldn't be notified if a self-signed certificate was modified, which
is not really what I intended.
Web browsers, for instance will accept CA signed certs and not prompt
on renewal, but they generally choke on self-signed certs.
My questions are
- Is my understanding correct ?
- Is there a way to achieve what I meant to do (accept CA signed certs
silently but prompt on modified self-signed cert)? If not, is it
because it is not that trivial to maintain a list of recognized CA
like web browsers do?
- Out of curiosity, how does claws-mail behave with common e-mail
providers (gmail, yahoo, etc.) ? Are users prompted when the cert
changes ? Maybe the change is not as frequent as when using let's
If I'm misleaded, suggestions welcome, of course.
Users mailing list
Users at lists.claws-mail.org
More information about the Users