Could this inclusion without services (ie. just a recognition that the CA exists) meet my requirement that Mozilla recognize the certificate from my own personal sendmail server using SSL port 995 without constantly getting the Domain Name Mismatch message for localhost.localdomain every time I check for mail?
Adding new CAs will solve the errors that say unknown issuer unrecognized issuer untrusted issuer
but not cert name mismatch. If you're getting cert name mismatch, then the name in your cert doesn't match the name you're using in a URL or email address.
All I'm after here is that my software recognize that the server is indeed who it says it is, and any certificate I can generate on my server without reference to some external CA is obviously not going to be acceptable on the public Internet. I've been using FreeSSL as my CA - but they keep getting ever more expensive, now it's a $50 annual fee for the cheapest option. (So Free isn't free any more!)
Adding more CAs to the list will help that, for sure, because then you'll be able to get a cert that works on your server.
But the cert name mismatch is a separate problem.
-- Nelson B
_______________________________________________ mozilla-crypto mailing list [EMAIL PROTECTED] http://mail.mozilla.org/listinfo/mozilla-crypto
