Fighting Apple over SSL mail

As I’ve been setting up this domain I’ve been trying to get both my MacBook and my iPod touch to talk to my new mail servers.  You’d have thought that this should have been pretty straightforward (I did).

Since I have the option of using either unencrypted or SSL-protected connections to the mail servers I wanted to use the SSL option.  I’ve gone for long enough sending my login details in plain text, so this was the time to change.

Although I’ve pretty much got everything working now, I’ve spent a couple of hours fighting the various Apple mail programs to get this to work.

My major problem seemed to stem from the fact that the IMAP and SMTP servers were using a self-signed certificate to set up the connection.  I started with my laptop, which threw up a warning about the unrecognised signing authority (fair enough), and let me make a one-off exception.  However, there is no obvious way to tell Mail to always trust this certificate, so it throws up the dialog every time you start up Mail.

After much googling I found that the answer was:

  • Open Mail and get up the warning dialog
  • Choose to examine the certificate
  • Once the certificate is visible, drag the picture of the certificate at the top left onto the desktop.  This should create a .cer file
  • Double-click on the certificate file on your desktop
  • Change the keychain option to X509Anchors (importing it into login is not enough)
  • Import the certificate

You should now find that the certificate is flagged as trusted and you won’t get the warning when launching Mail.
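A check worth making before the import step above, as an added example that is not part of the original post: compare the SHA-256 fingerprint of the exported .cer file with the fingerprint read on the mail server itself (for instance with `openssl x509 -noout -fingerprint -sha256`), so that the certificate being marked as trusted is the server's own and not one substituted on the network. The function names are illustrative and the sample bytes are a constructed placeholder, not a real certificate.

```python
import base64
import hashlib
import hmac
import re

# All names below are illustrative; nothing here is an Apple or Mail API.
PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)


def to_der(cert_bytes: bytes) -> bytes:
    """Return DER bytes for a .cer file that may hold PEM text or raw DER."""
    match = PEM_RE.search(cert_bytes)
    if match is None:
        return cert_bytes  # already binary DER
    return base64.b64decode(b"".join(match.group(1).split()), validate=True)


def fingerprint(cert_bytes: bytes) -> str:
    """SHA-256 of the DER encoding, as 64 lowercase hex digits."""
    return hashlib.sha256(to_der(cert_bytes)).hexdigest()


def normalise(expected: str) -> str:
    """Accept 'SHA256 Fingerprint=AB:CD:...', 'ab cd ...' or plain hex."""
    cleaned = re.sub(r"[\s:]", "", expected.split("=")[-1]).lower()
    if not re.fullmatch(r"[0-9a-f]{64}", cleaned):
        raise ValueError("expected a 64-hex-digit SHA-256 fingerprint")
    return cleaned


def safe_to_trust(cert_bytes: bytes, expected: str) -> bool:
    """True only if the exported file is the certificate the server holds."""
    return hmac.compare_digest(fingerprint(cert_bytes), normalise(expected))


def as_pem(der: bytes) -> bytes:
    """Wrap DER bytes in PEM armour (used to build the sample input)."""
    return (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(der)
            + b"-----END CERTIFICATE-----\n")


# Constructed placeholder bytes standing in for the dragged-out .cer file;
# the hash covers the raw encoding, so no real certificate is needed here.
SAMPLE_DER = b"\x30\x82\x01\x0a" + b"constructed-sample-certificate-body" * 4

if __name__ == "__main__":
    on_server = fingerprint(SAMPLE_DER)          # as read on the mail server
    print(safe_to_trust(as_pem(SAMPLE_DER), on_server))      # same cert
    print(safe_to_trust(SAMPLE_DER + b"\x00", on_server))    # substituted
```

In real use the first argument would be the contents of the exported file, read in binary mode, and the second the fingerprint string copied from the server.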

Flushed with success I turned to the iPod touch.

In principle the imported certificate should sync across to the iPod through iTunes.  I tried attaching it to a mail but there’s no option to import from an attachment.

Setting up the connection proved to be a pain again though.  The problem was that when you’ve entered the details of your new account the iPod does a connection check to the various servers to ensure that you’ve entered everything correctly.  Unfortunately whatever checks it does take ages to complete, long enough in fact that the iPod goes back into sleep mode.  If it sleeps then this breaks the connection and you have to start over again.

I only got it to work eventually by sitting tapping the screen for around 5 mins whilst the checks eventually completed.  The response from the servers now that the account is set up is very quick, so I’ve no idea what it spent its time doing when setting things up.  During the checks I got two warnings about the self-signed cert (despite syncing with iTunes), but I’ve seen nothing since, so hopefully I won’t see those again.


Published: October 10, 2008


