Is it required to have the cert to be able to use TLS?

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

Is it required to have the cert to be able to use TLS?

bilal ghayyad
Hi All;

Is it required to have the cert to be able to use the TLS?

To be able to use noplaintext, what is required for this to be existed?

Regards
Bilal
Reply | Threaded
Open this post in threaded view
|

Re: Is it required to have the cert to be able to use TLS?

blue_cowdawg
On Sat, 2012-01-14 at 05:52 -0800, bilal ghayyad wrote:

> Is it required to have the cert to be able to use the TLS?


Short answer:  yes

More detail:  this can either be a self signed cert or one purchased
from any number of cert suppliers.  Problem with a self signed cert is
nobody is going to trust it since it is not traceable to a known CA.

> To be able to use noplaintext, what is required for this to be existed?
>

Plain text as you put it or unsecured SMTP will work "out of the box"
with some minor configuration.

Before you set up an MTA though, do a lot of research first and make
sure you know what you are doing. There's a lot of ways to set up an MTA
badly..

--
Peter L. Berghold           Brewer, Dog enthusiast, Crazy Cook

Reply | Threaded
Open this post in threaded view
|

Re: Is it required to have the cert to be able to use TLS?

Wietse Venema
In reply to this post by bilal ghayyad
bilal ghayyad:
> Hi All;
>
> Is it required to have the cert to be able to use the TLS?

It depends primarily on the role: client or server.

> To be able to use noplaintext, what is required for this to be existed?

This is described in http://www.postfix.org/TLS_README.html.
If the document is incomplete please send suggestions.

        Wietse
Reply | Threaded
Open this post in threaded view
|

Re: Is it required to have the cert to be able to use TLS?

bilal ghayyad
In reply to this post by blue_cowdawg

Plain text as you put it or unsecured SMTP will work "out of the box" with some minor configuration.

* I was asking about using noplaintext and not plain, so how I can use noplaintext? Is there any required package to be installed at the server?

Regards
Bilal


--- On Sat, 1/14/12, Peter L. Berghold <[hidden email]> wrote:

> From: Peter L. Berghold <[hidden email]>
> Subject: Re: Is it required to have the cert to be able to use TLS?
> To: "bilal ghayyad" <[hidden email]>
> Cc: [hidden email]
> Date: Saturday, January 14, 2012, 9:00 AM
> On Sat, 2012-01-14 at 05:52 -0800,
> bilal ghayyad wrote:
>
> > Is it required to have the cert to be able to use the
> TLS?
>
>
> Short answer:  yes
>
> More detail:  this can either be a self signed cert or
> one purchased
> from any number of cert suppliers.  Problem with a
> self signed cert is
> nobody is going to trust it since it is not traceable to a
> known CA.
>
> > To be able to use noplaintext, what is required for
> this to be existed?
> >
>
> Plain text as you put it or unsecured SMTP will work "out
> of the box"
> with some minor configuration.
>
> Before you set up an MTA though, do a lot of research first
> and make
> sure you know what you are doing. There's a lot of ways to
> set up an MTA
> badly..
>
> --
> Peter L. Berghold       
>    Brewer, Dog enthusiast, Crazy Cook
>
>
Reply | Threaded
Open this post in threaded view
|

Re: Is it required to have the cert to be able to use TLS?

bilal ghayyad
In reply to this post by bilal ghayyad
Hi All;

>Is it required to have the cert to be able to use the TLS?

> * It depends primarily on the role: client or server.

My question is: To both (cleint and server), do I need? Or only for server?


Regards
Bilal
Reply | Threaded
Open this post in threaded view
|

Re: Is it required to have the cert to be able to use TLS?

Noel Jones-2
On 1/16/2012 4:32 PM, bilal ghayyad wrote:

> Hi All;
>
>> Is it required to have the cert to be able to use the TLS?
>
>> * It depends primarily on the role: client or server.
>
> My question is: To both (cleint and server), do I need? Or only for server?
>
>
> Regards
> Bilal


Generally you must use a certificate for an SMTP MX server to offer
TLS.  It's also generally OK to use a self-signed certificate that
you generate yourself.
http://www.postfix.org/TLS_README.html#quick-start


If this server will also be offering IMAP or POP3 mail service to
end users, you might want to buy a real certificate so the end users
don't get certificate warnings when they fetch their mail.
You can still use a self-signed certificate for setup and testing,
then switch to a purchased certificate later.  There are lots of
sources for low-cost certificates; they work just fine for mail.


  -- Noel Jones