First, you will need the pem format of certs (for Apache-ssl + courier-imap-ssl). These are coming off of a Debian 3.0 unstable server. You will need root to grab these. After grabbing these pem files, execute the command:
% openssl x509 -in imapd.pem -inform pem -out imapd.der -outform derReplace the filenames as necessary. Then you will need to grab the *.der files to your system. FTP or SCP to do the job. I did this for my imap-ssl and Apache so there are two files. Then, following the previous posts, do this:
% sudo cp /System/Library/Keychains/X509Anchors ~/Library/Keychains/X509Anchors % cd ~/Library/Keychains % certtool i imapd.pem k=X509Anchors dAgain, replace file names as necessary. The files should add with this message: ...certificate successfully imported. Now, you need to copy the X509Anchors back:
% sudo cp ~/Library/Keychains/X509Anchors /System/Library/Keychains/Now, when you load up Mail.app or Safari, you should not get a warning about the integrity of the certs. Awesome.

