> I have finally installed a self-signed SSL certificate on my mail server
> at home, and it works great for webmail (using Squirrelmail). However, I
> have 2 questions:
>
> What are the security concerns with using a self signed certificate
> instead of one signed by Thawte or Verisign? I'm assuming that since the
> only people that use this server are my family and friends, and they all
> trust me, that there is no need for an expensive signature.
I do the same thing.
> How difficult would it be to incorporate the same certificate into UW
> IMAP, so that any IMAP connections that don't use webmail are secure? I
> would also like to do this for the Cyrus IMAP server at work.
> Authentication for Cyrus is a big mystery to me, but I would like to add
> SSL to encrypt the sessions. Thanks!
Session encryption should be part of the IMAP server software, or at least
a pluggable option - you shouldn't have to futz around trying to get it to
use your apache SSL info. (I use Courier IMAP.)
Levi
-- You always know the creative because it is revealed openly. Concealment betrays the existence of another force entirely. --Leto II----------------------------------------------------------------------- This list is provided as an unmoderated internet service by Networked Knowledge Systems (NKS). Views and opinions expressed in messages posted are those of the author and do not necessarily reflect the official policy or position of NKS or any of its employees.
This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 20:32:13 EDT