dovecot SSL/TLS without certificate

John Johnstone jjohnstone at tridentusa.com
Wed May 20 17:39:41 UTC 2015


On 5/20/2015 8:36 AM, Ernie Luzar wrote:
> Is there some way to configure Dovecot pop3 server to provide TLS
> without Dovecot needing a certificate? The self signed cert that the
> Dovecot manual shows you how to make is flagged as invalid / un-trusted
> every time my thunderbird mail reading client fetches mail and I have to
> answer a question about accepting it.
>
> I see Dovecot has an option to require the client to also have a certificate
> but nowhere does the Dovecot manual talk about what this certificate is
> or how to build it. Will importing the Dovecot certificate to
> Thunderbird stop Thunderbird from issuing that invalid / un-trusted
> certificate error message?

When Thunderbird makes a secure connection to an untrusted server it 
puts up the Add Security Exception prompt.  At the bottom is a checkbox 
for Permanently store this exception.  Just check that and you will only 
have to confirm the exception that one time.  Thunderbird will store the 
certificate.  You can take a look at it under Options > Advanced > 
Certificates > View Certificates.

You won't need a client certificate.

This is a fairly old article on SSL/TLS but most of it is probably still 
valid.

https://tidbits.com/article/9049

You can read up on similar articles to help understand all of this.

-
John J.


More information about the freebsd-questions mailing list