On 6/8/22 03:18, Carlos E. R. wrote:
Curio: my mail provider SMTP server used a self-signed certificate with the "example" text fields of whatever Linux implementation they used (my guess). I could see, for many moons (years), the "example" text, "do not use for production" in my smtp logs when sending email:-D
Most mail client just what to know whether ssl/tls is available and don't check the actual content of the certificate. Most ignore the content for SMTP (sending) purposes. So far I've only run into the new IOS that balks on the (receiving) if the content (or even expiration date) is invalid. The irony is that you can set your receiving up in IOS with a self-signed certificate, (IOS will accept that it is self-signed) but when that certificate is replaced (due to the 1 year expiry, etc..) it has no mechanism to accept the new certificate. You can create a new signing cert and key from the private key and update the expiration without "creating" a new certificate, but the updated cert with lack the MozV3 extensions for the "role" of the original cert. I haven't found a way to update while preserving that content. Easiest way I've found is just to go legit. I was much easier than I had envisioned and IOS is happy. -- David C. Rankin, J.D.,P.E.