Re: [Evolution] smtp/ssl



Greetings,

Tony Earnshaw wrote:
Mon, 2003-01-27 at 18:18, Jeffrey Stedfast wrote:

Hmm. A bit odd for somebody with a '.nl' email-address. Is this Fries?



this could be useful for mail, like for SMTP-servers. Sendmail actually gets two certificates: one for 'client' sessions and one for 'server' sessions. (These can be identical but this doesn't have to be the case).
mail protocols do not use client-ssl-certs, just like they are not used
for HTTP.
Well, they are used in other mail-clients; and mail-servers (like sendmail) can be set up to relay messages only when you use a certificate that has been issued by certain users.
Just for the interest, Exim 4.12 smtp server with self-signed private
and server (read public) keys works perfectly well with Evo 1.2.1 and
always has done since Evo 1.0.5. When I first tried it.

Well, I prefer to use sendmail, as it is the 'standard' smtp-daemon that comes with solaris 9. (The guys who are going to keep the box running are rather 'pure' solaris administrators; so they preferred as much 'standard software' as possible).


Anycase, as I guess, the problem here is that the mail-client does not 'offer' a certificate to the server, using another server would not really help. But -at least- this means the sessions are encrypted and don't go 'in clear' over the LAN.


The only thing is, at the very first connect the user gets asked about
accepting a suspect certificate, to which he acquiesces, and after that,
Bob's your uncle.
Quite normal for self-signed certificates, if you ask me.

Anycase, I did it differently. I used the 'certtool' from mozilla to add the server-certificate and the CA-certificate to 'keys3.db' and 'cert7.db'. This means that the tls-part in the imap-client of evolution already knew the certificates before I set up the first connection.


OTOH Evo with WU Imapd 2002a and ldap - no way do they work with
SSL/TLS, whilst Imp and Mozilla 1.1 work perfectly well.

I actually use WU imapd as imap-servers; and this works OK for both evolution and mozilla/netscape.


Tony
Cheerio! Kr. Bonne.

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature


