Comments on: Self-signed SSL certificates in Apple Mail http://www.hawkwings.net/2005/10/28/self-signed-ssl-certificates-in-apple-mail/ Tips and add-ons to make Apple Mail / Mail.app even better Fri, 05 Dec 2008 10:46:46 +0000 http://wordpress.org/?v=2.5.1 By: LeMasterSystems http://www.hawkwings.net/2005/10/28/self-signed-ssl-certificates-in-apple-mail/#comment-269911 LeMasterSystems Mon, 12 Nov 2007 22:09:28 +0000 http://www.hawkwings.net/?p=276#comment-269911 I was having the same problem that was described above. I am using Cpanel SSL POP3. After following the directions above, I found that the certificate was now valid (note that I had to add two certificates, one for the incoming and one for the outgoing server). However, Apple Mail continued to pop up asking me if I wanted to connect to this potentially dangerous server. It turns out that if the domain listed in the certificate does not exactly match the "mail.xxx.com" that you have listed in your incoming mail server preferences, mail will automatically present that dialog regardless of whether or not the certificate is valid (there are good security reasons for the behavior). I found that changing your incoming and outgoing server to the domain listed in the certificate solves that problem and there are no more popups. Change your "mail.xxx.com" to what you see on the certificate. Your username: "email+domain_name.com" along with your password will (at least in my case) be sufficient to identify you to the POP server. Hope that works for you, it did for me! I was having the same problem that was described above. I am using Cpanel SSL POP3. After following the directions above, I found that the certificate was now valid (note that I had to add two certificates, one for the incoming and one for the outgoing server).

However, Apple Mail continued to pop up asking me if I wanted to connect to this potentially dangerous server. It turns out that if the domain listed in the certificate does not exactly match the “mail.xxx.com” that you have listed in your incoming mail server preferences, mail will automatically present that dialog regardless of whether or not the certificate is valid (there are good security reasons for the behavior).

I found that changing your incoming and outgoing server to the domain listed in the certificate solves that problem and there are no more popups.
Change your “mail.xxx.com” to what you see on the certificate. Your username: “email+domain_name.com” along with your password will (at least in my case) be sufficient to identify you to the POP server.

Hope that works for you, it did for me!

]]> By: sinnerman http://www.hawkwings.net/2005/10/28/self-signed-ssl-certificates-in-apple-mail/#comment-92946 sinnerman Fri, 02 Mar 2007 02:55:17 +0000 http://www.hawkwings.net/?p=276#comment-92946 How about this... I click on the icon of the cert in order to drag it to the desktop and it locks up Mail.app. I have to force quit it each time. This happens whether I click or Option-click. It kinda creates a shadow picture like it's going to drag to the desktop and then it stops and, done! locked for good. Now what are my options? TIA By the way: OSX - 10.3.9 How about this…
I click on the icon of the cert in order to drag it to the desktop and it locks up Mail.app. I have to force quit it each time. This happens whether I click or Option-click.

It kinda creates a shadow picture like it’s going to drag to the desktop and then it stops and, done! locked for good.

Now what are my options?
TIA

By the way: OSX - 10.3.9

]]> By: Quinn Comendant http://www.hawkwings.net/2005/10/28/self-signed-ssl-certificates-in-apple-mail/#comment-90088 Quinn Comendant Fri, 23 Feb 2007 07:45:16 +0000 http://www.hawkwings.net/?p=276#comment-90088 It is also important that the security certificate used matches the hostname set in Apple Mail. For example, if my mail server has a certificate that was generated with the Common Name set to mail.mydomain.com then I must also configure Apple Mail to connect to mail.mydomain.com (as opposed to mail.anotherdomain.com, even if the two domains resolve to the same IP address). It is also important that the security certificate used matches the hostname set in Apple Mail. For example, if my mail server has a certificate that was generated with the Common Name set to mail.mydomain.com then I must also configure Apple Mail to connect to mail.mydomain.com (as opposed to mail.anotherdomain.com, even if the two domains resolve to the same IP address).

]]> By: Matt Weber http://www.hawkwings.net/2005/10/28/self-signed-ssl-certificates-in-apple-mail/#comment-74541 Matt Weber Fri, 26 Jan 2007 22:54:03 +0000 http://www.hawkwings.net/?p=276#comment-74541 Changing the incomming mail server to the common name of the cert stops Mail.app from prompting you to accept the certificate every time you check your mail. Changing the incomming mail server to the common name of the cert stops Mail.app from prompting you to accept the certificate every time you check your mail.

]]> By: Nate http://www.hawkwings.net/2005/10/28/self-signed-ssl-certificates-in-apple-mail/#comment-57215 Nate Tue, 02 Jan 2007 20:45:57 +0000 http://www.hawkwings.net/?p=276#comment-57215 Thanks for the great tip! My webhost (and mail) uses SSL POP and I had a similar issue with the "Certificate is not signed by a valid authority" error. This solution worked great for this annoyance also! Thanks for the great tip! My webhost (and mail) uses SSL POP and I had a similar issue with the “Certificate is not signed by a valid authority” error. This solution worked great for this annoyance also!

]]> By: John http://www.hawkwings.net/2005/10/28/self-signed-ssl-certificates-in-apple-mail/#comment-28908 John Wed, 18 Oct 2006 20:54:14 +0000 http://www.hawkwings.net/?p=276#comment-28908 For those of you experiencing these problems in Panther, the same solution applies - only you place the certificate in the System.keychain, as Panther does not have the X509 Anchors keychain. Follow the directions as described above to obtain the certificate - Make a copy of the System.keychain (option-drag to copy) located in /Library/Keychains to /Users/[username]/Library Keychains Rename that file System2.keychain (or whatever you like) - Then double-click on the certificate and add it to the keychain you just duplicated. Once that's done, rename the keychain back to System.keychain - then copy it back to the /Library/Keychains folder - authorization will be required. It worked for me :) Mail stopped pestering me about accepting the gmail certificate and I was able to again access my gmail via POP. And now some keywords for people searching for a solution to this problem: gmail broken panther accept certificate mail.app It took me a VERY long time to figure out this solution, and hopefully it'll save someone else the headaches :) For those of you experiencing these problems in Panther, the same solution applies - only you place the certificate in the System.keychain, as Panther does not have the X509 Anchors keychain.

Follow the directions as described above to obtain the certificate -

Make a copy of the System.keychain (option-drag to copy) located in

/Library/Keychains

to

/Users/[username]/Library Keychains

Rename that file System2.keychain (or whatever you like) -

Then double-click on the certificate and add it to the keychain you just duplicated.

Once that’s done, rename the keychain back to System.keychain - then copy it back to the

/Library/Keychains

folder - authorization will be required.

It worked for me :) Mail stopped pestering me about accepting the gmail certificate and I was able to again access my gmail via POP.

And now some keywords for people searching for a solution to this problem:

gmail broken panther accept certificate mail.app

It took me a VERY long time to figure out this solution, and hopefully it’ll save someone else the headaches :)

]]> By: Televisionmind » Blog Archive » Self-Signed SSL Certificates in Apple Mail http://www.hawkwings.net/2005/10/28/self-signed-ssl-certificates-in-apple-mail/#comment-26765 Televisionmind » Blog Archive » Self-Signed SSL Certificates in Apple Mail Wed, 04 Oct 2006 21:25:51 +0000 http://www.hawkwings.net/?p=276#comment-26765 [...] (see stephanie’s comment in this post) Published in: Whatever | on October 3rd, 2006 | [...] [...] (see stephanie’s comment in this post) Published in: Whatever | on October 3rd, 2006 | [...]

]]> By: Stephanie's mail host sysadmin http://www.hawkwings.net/2005/10/28/self-signed-ssl-certificates-in-apple-mail/#comment-922 Stephanie's mail host sysadmin Sun, 15 Jan 2006 06:46:24 +0000 http://www.hawkwings.net/?p=276#comment-922 Stephanie's problem turned out to be that the Common Name in the certificate did not match the POP/IMAP hostname she was using to access the server. The names must match exactly; if the Common Name is example.org, then you can't be using mail.example.org as the POP host, or vice-versa. Stephanie’s problem turned out to be that the Common Name in the certificate did not match the POP/IMAP hostname she was using to access the server. The names must match exactly; if the Common Name is example.org, then you can’t be using mail.example.org as the POP host, or vice-versa.

]]> By: Dan_ce http://www.hawkwings.net/2005/10/28/self-signed-ssl-certificates-in-apple-mail/#comment-896 Dan_ce Thu, 12 Jan 2006 18:41:26 +0000 http://www.hawkwings.net/?p=276#comment-896 Hey up birdies. Mine does this (Cpanel website), the difference is my cert is expired. How about that? Hey up birdies. Mine does this (Cpanel website), the difference is my cert is expired. How about that?

]]> By: Stephanie http://www.hawkwings.net/2005/10/28/self-signed-ssl-certificates-in-apple-mail/#comment-891 Stephanie Thu, 12 Jan 2006 03:42:32 +0000 http://www.hawkwings.net/?p=276#comment-891 I'm also having this problem. No matter what I do, the error continues to pop up. :( I’m also having this problem. No matter what I do, the error continues to pop up. :(

]]>