Hi all: So I want to install a certificate from GoDaddy to secure POP3 and IMAP. I created a new key file and signing request file via openssl and submitted them to GoDaddy. I used the external DNS name of the GW2014 server (mail.ourdomain.com) in the certificate. GoDaddy promptly issued a new certificate which I examined. All looks good in the cert, the name is correct, and it chains back to GoDaddy. I then installed the certificate into our GWIA.

So I have a user who runs Thunderbird on XP (yes, I know but he refuses to change and he owns the company) and he is reporting that Thunderbird/XP will not permanently except the certificate and warns that the certificate is not trusted. The documentations I have read talks a lot about generating self-singed certs using the GW internal CA, but only discussed the use of externally-signed certs from the perspective of installing them. I am wondering if I generated the certificate incorrectly.

Suggestions would be greatly appreciated. Chris.