|
|
Are you sure everything is ok?
As I'm doing this exact thing, and Mail.app has no problem with it whatsoever...
Did you make yourself a Certificate Authority certificate as well? This is necessary for a proper self-signed certificate... Does the name defined in the certificate match the name by which you are contacting the server ?
In my experience, it's only Internet Explorer and Entourage/OE that have problems with self-signed certificates on Macs, as they (unlike most browsers) have no facility to directly add a CA to your list of CA's.
To get around this, you can either:
* From the CLI export your CA certificate in DER format, then put it on a website.
* Using IE on a PC, access a website running on the box with your self-signed certificate, and you will be prompted to examine the certificate and asked whether to add it to the list of trusted CA's. In the middle of this process, you can choose to export the certificate for the CA in DER format. Put this on a website.
Once you've done one of these (the second way is easier, but requires a web server with SSL running on the box, the former is a bit more difficult to work out the correct syntax) access the website where you have put the DER certificate using Internet Explorer. You will then be prompted whether you wish to trust the new Certificate Authority or not.
(For an example, look at one of my certificates).
Once you've done this, Entourage/OE will trust your CA and you can run an SSL connection without complaints.
As I said at the beginning, Mail.app seems to have no problems with a self-signed certificate in my environment. Other browsers also will prompt you as to whether you wish to add the CA, but IE is kind of braindead and you have to do it in this roundabout manner...
Are you sure everything is ok?
btw, for clicking on that link to one of my certificates, do it with IE. Omniweb doesn't seem to work, but also has no problems connecting to a self-signed certificate SSL site.
Are you sure everything is ok?
Did you make yourself a Certificate Authority certificate as well? This is necessary for a proper self-signed certificate...Yes - the CA key is what I added to my store, as we use it to sign keys for a bunch of internal stuff we don't feel like paying Verisign to use. Does the name defined in the certificate match the name by which you are contacting the server ?Yes - I issued those servers certificates which match the CNAME they're accessed by. And yes, IE/OE are a pain in the ass to add the certificate to. (Even worse than Eudora, which just quietly gives up) When I get some spare time, I want to find where IE hides its certificates and write a little installer to add our certificates there.
Are you sure everything is ok?
Well I dunno what's going wrong with Mail.app in your case then, I've just got a stock standard 10.1.3 install on my laptop (hosed it by installing too much stuff from Darwin CVS... :( and from watching my logs, the SSL connection gets negotiated just fine...
Are you sure everything is ok?
Well I dunno what's going wrong with Mail.app in your case then, I've just got a stock standard 10.1.3 install on my laptop (hosed it by installing too much stuff from Darwin CVS... :( and from watching my logs, the SSL connection gets negotiated just fine... |
SearchFrom our Sponsor...Latest Mountain Lion HintsWhat's New:HintsNo new hintsComments last 2 daysLinks last 2 weeksNo recent new linksWhat's New in the Forums?
Hints by TopicNews from Macworld
From Our Sponsors |
|
Copyright © 2014 IDG Consumer & SMB (Privacy Policy) Contact Us All trademarks and copyrights on this page are owned by their respective owners. |
Visit other IDG sites: |
|
|
|
Created this page in 0.05 seconds |
|