accepting self-signed pop3s server certificates

[No Whereman]

[accepting self-signed pop3s server certificates]
v
Is there a way to get an instance of Outlook 2000
or above to accept a self-signed pop3s certificate
--so it doesn't nag the user with the following message:
v
"The server you are connecting to is using a security
certificate that could not be verified. <snip> Do
you want to continue using this server?"
v
i.e., I would like for the user to be able to accept the
certificate once and keep it at least until its date
expires like you can do for an "https://" certificate in
Internet Explorer. I've seen a certificate management
feature in Eudora which also allows the user
to trust and save a self-signed pop3s certificate.
v
.. . .or is sending money to a signing authority
the only way. That seems a bit much for an internal
certificate that I already know to trust.
---end---
I got this way from sitting in front of 8" green screens.
--------

 

[Jeff Stephenson [MSFT]]

If this is configurable (I don't know whether it is...), it would be in
Internet Explorer options. Outlook does not generate this message, it's
from IE code that Outlook uses.

 

[Noe Whereman]

If this is configurable (I don't know whether it is...), it would be in
Internet Explorer options. Outlook does not generate this message, it's
from IE code that Outlook uses.

Thanks for the jumpstart. In my case the *apparent* solution was to
cut-and-paste the:
-----BEGIN CERTIFICATE-----
<snip>
-----END CERTIFICATE-----
section of /usr/share/ssl/certs/ipop3d.pem [i.e., *not* the private
key section] into a text file and import it via Internet Explorer, Tools,
Internet Options,Content Tab, Certificates.
v
I was hoping for something I could instruct the end-user to do
without me carrying the key to each workstation. Is the more usual
solution to get the certificate signed by a signed by a signing
authority? I usually make the ssl keys for each service separately,
but I was thinking of getting one key signed for apache and then
copying it over to all the other service keys like "imaps", etc.
make sense?
---end---

 

[Jeff Stephenson [MSFT]]

Yes, if you get a certificate from a signing authority you should have no
problem.

--
Jeff Stephenson
Outlook Development
This posting is provided "AS IS" with no warranties, and confers no rights

If this is configurable (I don't know whether it is...), it would be in
Internet Explorer options. Outlook does not generate this message, it's
from IE code that Outlook uses.

Thanks for the jumpstart. In my case the *apparent* solution was to
cut-and-paste the:
-----BEGIN CERTIFICATE-----
<snip>
-----END CERTIFICATE-----
section of /usr/share/ssl/certs/ipop3d.pem [i.e., *not* the private
key section] into a text file and import it via Internet Explorer, Tools,
Internet Options,Content Tab, Certificates.
v
I was hoping for something I could instruct the end-user to do
without me carrying the key to each workstation. Is the more usual
solution to get the certificate signed by a signed by a signing
authority? I usually make the ssl keys for each service separately,
but I was thinking of getting one key signed for apache and then
copying it over to all the other service keys like "imaps", etc.
make sense?
---end---