Citeren Raymond Herrera <raym...@forcewise.com>:
That is good to know. I was working on the wrong assumption,
attempting to create a client certificate on the Windows/Thunderbird
side.
I am using the SSL Certificate that comes with the distribution, so
the conclusion is Thunderbird does not trust it.
I have this in my notes from ages ago, for generating my own
self-signed certificate:
% openssl req -x509 -newkey rsa:4096 -sha256 -keyout openssl.key
-out openssl.crt -days 600 -config san.cnf
See attached the 2 errors that I am getting, one is from the
distribution cert.
I recommend you stay clear of self-signed certificates if the number
of users is greater than one, unless there is a very specific need to
use them. Setting up multiple systems to trust your self-signed
certificate is no fun when you need to aid people in setting up their
systems to trust it.
Can a kind soul tell me the current way to do this in Linux?
Perhaps I should use a free service? Which?
In most cases, Letsencrypt will work just fine. Do remember to setup
auto renewal for your certificate(s) and make sure you trigger your
systems to reload them upon renewal. You wouldn't be the first to
forget about the latter.
TIA
Raymond
