I don't know that it's evil per se to use a self-signed certificate and the costs for certificates is quite high.

However, I will say that the new service that enom offers for ~$20 seems very good for an annual certificate. It's so cheap I can't justify doing it otherwise.

Regards, KAM ----- Original Message ----- From: Alaric Dailey To: fg Cc: stunnel-users@mirt.net Sent: Friday, December 28, 2007 2:25 PM Subject: Re: [stunnel-users] Avoiding outlook express warning...

1. Use a cert from a CA that is included in the MS Certificate Store 2. Add your cert to the store

Using self-signed certs is evil, get one from a CA, if you don't want to pay, you can use StartCom ( www.startssl.com ) which is included with every browser EXCEPT IE, and add it to your machines certificate store to avoid the warning with OE or other MS products. However, if you use Thunderbird the StartCom root cert is already included.

fg wrote: Hello all I use stunnel on a server with a stunnel.pem file generated with openSSL,( this file is not certified with verisign or others...) Each time i launch outlook express on a client a have a warning saying that the server is using a certificate who can't be verified.... I have to close this warning and after all is ok...

Question Is it possible to skip this warning? perhaps with a public key approuved in outlook express???

thanks for help

---------------------------------------------------------------------------- Ne gardez plus qu'une seule adresse mail ! Copiez vos mails vers Yahoo! Mail ---------------------------------------------------------------------------- _______________________________________________ stunnel-users mailing list stunnel-users@mirt.net http://stunnel.mirt.net/mailman/listinfo/stunnel-users

------------------------------------------------------------------------------

_______________________________________________ stunnel-users mailing list stunnel-users@mirt.net http://stunnel.mirt.net/mailman/listinfo/stunnel-users