Differences

This shows you the differences between two versions of the page.

--- using_ssl_with_exim_4_on_debian [2009/07/03 17:52]
adam
+++ using_ssl_with_exim_4_on_debian [2009/07/06 14:51]
adam
@@ Line 3: / Line 3: @@
 Here I will be setting up SSL keys with Exim 4 under Debian to secure the transmission of emails and username and password details to my server.
-I will be using SSL certificates from CA Cert as they are free. CA Cert are not a commercial 'paid-for' certificate provider and so their keys will not automatically be installed in your web browser or mail client. You will need to install their root keys on every machine you wish to connect from over SSL to your machines which use CA Cert keys to avoid irritating errors. If you want to avoid this hassle or you want commercial grade support (and perhaps some insurance), go with a commercial SSL certificate provider like Thawte, Verizon or Comodo. By installing the CA Cert root keys, you are agreeing to the fact that you trust CA Cert to be secure and to verify your own keys against. In terms of commercial liability, this might not be something you want to do.
+I will be using SSL certificates from [[http://www.cacert.org/|CA Cert]] as they are free. CA Cert are not a commercial 'paid-for' certificate provider and so their keys will not automatically be installed in your web browser or mail client. You will need to install their root keys on every machine you wish to connect from over SSL to your machines which use CA Cert keys to avoid irritating errors. If you want to avoid this hassle or you want commercial grade support (and perhaps some insurance), go with a commercial SSL certificate provider like Thawte, Verizon or Comodo. By installing the CA Cert root keys, you are agreeing to the fact that you trust CA Cert to be secure and to verify your own keys against. In terms of commercial liability, this might not be something you want to do.
 If you want to use a commercial SSL provider, then this should still work for you, but the CA Cert specific stuff will need to be translated to apply to your own provider. Of course in that case, you won't need to import the CA Cert root keys either.
-I hope to expand this guide with how to configure Courier POP3 and IMAP to use SSL too, which means all of your sending and receiving of email between your mail client and server will be encrypted. Sending and receiving of mail between mail servers will only be encrypted if both ends support it and are configured to use it as a preference. You will have no control over other people's mail server do so, so there are no guarantees of complete end to end encrypted transmission. If that's what you want, you would be better off encrypting your email before sending using [[http://www.pgp.com/|PGP]] or [[http://www.gnupg.org/|GPG]]. For Thunderbird users like me, you can use the [[http://enigmail.mozdev.org/home/index.php|Enigmail]] extension which works with GPG and possibly PGP.
+I hope to expand this guide with how to configure Courier POP3 and IMAP to use SSL too, which means all of the sending and receiving of email between your mail client and server will be encrypted. Sending and receiving of mail between mail servers will only be encrypted if both ends support it and are configured to use it as a preference. You will have no control over whether other people's mail servers do so, so there are no guarantees of complete end to end encrypted transmission. If that's what you want, you would be better off encrypting your email before sending using [[http://www.pgp.com/|PGP]] or [[http://www.gnupg.org/|GPG]]. For Thunderbird users like me, you can use the [[http://enigmail.mozdev.org/home/index.php|Enigmail]] extension which works with GPG and possibly PGP.
 ==== Set up a CA Cert Account ====

Adam Sweet's Wiki

User Tools

Site Tools

Differences

Page Tools