Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

Click here to return to the '10.3: Importing self-signed SSL certificates' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
10.3: Importing self-signed SSL certificates
Authored by: jelwell on Oct 28, '03 06:14:01PM

Am I missing something? This doesn't work for me. I import the der file (note the steps seem a bit off):

% sudo cp /System/Library/Keychains/X509Anchors ~/Library/Keychains/X509Anchors
% cd ~/Library/Keychains
% certtool i imapd.pem k=X509Anchors d

The third item should probably be "certtool i imapd.der k=X509Anchors d"

Anyways, I can see my certificate imported properly but Mail still asks me once per session to verify the certificate.

Even apple's tech note imports (with much more ease) but notice that the tech note says you can import the cert, but mail will still ask!


[ Reply to This | # ]
10.3: Importing self-signed SSL certificates
Authored by: BraindeadMac on Oct 28, '03 07:37:44PM

See my above comment for more detail, but the "Common name" must match the server name, so you may need to recreate your self-signed certificate. Instead of entering "Your name" as instructed by openssl, enter your hostname (e.g., localhost)!

[ Reply to This | # ]
10.3: Importing self-signed SSL certificates
Authored by: logo on Mar 19, '04 03:49:23AM
This last comment has helped me to a solution to a half year struggle.
Last fall the certificate of my Mail-Provider expired. That started the popup for each of my four mail accounts!!!
The problem lasted until yesterday when I had a closer look at the message. The certificated was renewed (probably a couple of months ago) yet the registered server name had changed from to Changing the mail-Server's name in the account setups fixed the problem.

So in addition to the hint: the account's logical server name must match the certificate's server name!!!


[ Reply to This | # ]