I've had an IMAP server running for a while using inetd, and I decided recently to try implementing it with SSL using stunnel. So I added the following line to my /etc/inetd.conf:
Code:
imaps stream tcp nowait root /usr/sbin/stunnel stunnel /usr/stunnel/imaps.conf
and /usr/stunnel/imaps.conf has only the following:
Code:
cert = /etc/stunnel/stunnel.pem
exec = /usr/sbin/imapd
execargs = imapd
I opened TCP port 993 on my firewall and set up port forwarding from my router to my server. I can now connect successfully using Thunderbird with SSL. My problem, though, is that Thunderbird refuses to recognize the certificate permanently. When I click on that mailbox, a dialog box pops up asking if I would like to:
a) accept this certificate permanently
b) accept it for this session only
c) do not accept this certificate and do not connect to this website
If I select choice a, the dialog box simply refreshes. So I select choice b and continue, but I get an error message saying:
Quote:
Security Error: Domain Name Mismatch
You have attempted to establish a connection with "ironmonkey.homelinux.net." However, the certificate presented belongs to "ironmonkey." It is possible, although unlikely, that someone may be attempting to intercept your communication with this website.
I click OK and continue without trouble. I can check my mail, send mail, and everything is OK. But I have to go through all that every time I start Thunderbird, which is not cool.
I figure I need to issue myself a new certificate for "ironmonkey.homelinux.net" instead of just "ironmonkey." So I struggled through the openssl man page, and the openssl req man page, since I believe that's the command to issue a new certificate. I tried the following:
Code:
openssl req -nodes -x509 -newkey rsa:1024 -keyout key.pem -out req.pem
and then edited /etc/stunnel/imaps.conf to use req.pem as the certificate. Unfortunately, Thunderbird then gives me an error saying:
Code:
Unable to connect to your IMAP server. You may have exceeded the maximum number of connections to this server.
which is clearly crap. Anyone know what I did wrong?
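As an added example, not part of the original post: a small shell script that issues a self-signed certificate whose Common Name (and subjectAltName) is the hostname the mail client connects to, and writes the private key and certificate into one PEM file, since stunnel reads the key from the `cert` file when no separate `key` option is given. The default hostname is taken from the post; the output path and the `-addext` SAN (OpenSSL 1.1.1 or newer) are assumptions for illustration.

```shell
#!/bin/sh
# Added example: build a stunnel-ready PEM whose CN matches the public hostname.
# Hostname default and output path are assumptions for illustration.
set -eu

# Generate key + self-signed cert for $1, bundle both into $2.
make_stunnel_pem() {
    host="$1"; out="$2"
    tmpkey=$(mktemp); tmpcrt=$(mktemp)
    # -subj sets the CN to the name the client will connect to;
    # -addext adds a matching SAN, which current clients check first.
    openssl req -nodes -x509 -newkey rsa:2048 -days 365 \
        -subj "/CN=${host}" -addext "subjectAltName=DNS:${host}" \
        -keyout "$tmpkey" -out "$tmpcrt" 2>/dev/null
    # stunnel's key option defaults to the cert file, so both parts
    # must be in the one file named by "cert =" in imaps.conf.
    cat "$tmpkey" "$tmpcrt" > "$out"
    chmod 600 "$out"          # the file now holds a private key
    rm -f "$tmpkey" "$tmpcrt"
}

# Print the CN the server will present, to confirm it matches the hostname.
cert_cn() {
    openssl x509 -in "$1" -noout -subject | sed 's/.*CN *= *//'
}

# Usage: ./make_pem.sh ironmonkey.homelinux.net /etc/stunnel/stunnel.pem
if [ $# -gt 0 ]; then
    make_stunnel_pem "$1" "${2:-stunnel.pem}"
    cert_cn "${2:-stunnel.pem}"
fi
```

Point `cert =` in imaps.conf at the resulting file and run `cert_cn` on it to check that the name matches what the client connects to.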