Re: [exim] SSL Certificates and EXIM

On Wed, Oct 06, 2004 at 11:17:04PM +0200, Giuliano Gavazzi said:
> At 2:20 pm -0400 2004/10/06, Walt Reed wrote:
> >In another post, I just mentioned using a cert from instantssl ($125 for
> >3 years...) I had been using my own generated one (my own CA) for a
> >while and had client problems... Getting lots of clients to properly
> >trust my CA was a pain in the ass. Some (Mail.app on OSX) would randomly
> >forget that the cert was trusted. Bah! Enough..
>
> strange. The only problem I am aware with Mail.app is that sometimes
> it mixes up smtp servers (if you have more than one defined).
> Did you put the root certificate in /System/Library/Keychains/X509Anchors ?
> That is what is required by both Mail and Safari.
> Giuliano

Yep. IMHO, there is some major problems with the entire keychain
managament system. It's just not reliable - constantly forgetting
passwords, not trusting certs that you add to the keychain, etc. It's
intermittant. Google shows countless stories of people experiencing these
problems.

Back on topic though... I have found that trying to support hundreds of
users both corp and home machines (to read/send mail remotely) with a
huge mix of operating systems / clients and versions is a total pain.
The labor support cost is Much higher than the cost of the cert. Heck,
even with just a dozen users I'll spring for the cert. Then everything
"just works". It only takes one or two support calls to save the cost of
the cert.