6280 - opening an IMAP SSL (self-signed) email box

Similar Messages

• Can't access IBM mainframe 3270 session via SSL self-signed cert.

  Can't access IBM mainframe 3270 session via SSL self-signed cert since sometime last week. Using Mochasoft tn3270 lite on android works fine but iPad ios7 says "IBM mainframe has closed the session".  Any clues would be appreciated.

  I'm thinking the problem may be the IBM cert is 1024 bit. Investigating choices to implement 2048 bit cert into IBM.

• IMAP with self-signed certs?

  I don't yet have my iPhone (ordered online), but I'm wondering if the email client can use IMAP servers via SSL that use a self-signed certificate. Can anyone test that or confirm/deny it based on some kind of published Apple documents or something? I haven't found a solid answer in my searchings.

  I can tell you it was a PITA to get working - I first tested sans ssl, then had to reset the iPhone before it would completely forget the old mail config (due to my playing w/ :port# tacked onto the hostname). Plus the iPhone docs need a small amount of work, I think.
  Is courier listening on port 993 for imaps? That's what the iPhone will use when you turn on 'secure incoming'.
  Setting the :port# in the server field only works for the outgoing server. Don't explicitely set it for incoming, else you'll go through the same aggravation I did (and eventually reset and enter it from scratch).

• SSL (Self Signed Certificate) in Business Connector

  After going through hundreds of messages, I am still not clear  about the steps involved in including SSL certificate with HTTP protocol.
  1. Instead of subscribing to Trusted Certificate Authority, can we ceate a Self Signed Certificate? If yes, how?
  2. Can anyone please explain the steps involved in including SSL certificate (configuring/importing the certificate)? We are successfully calling HTTP and sending the XML document to a HTTPS URL with authorized user name and password. I need to include SSL certificate to complete the requirement. I have looked at all the PDF documents that are available with BC installation and looked at many forums and still haven't found the answers.
  Thanks in advance.

  Hi Ramesh.
  When untrusted root certificates may be acceptable
  Some CAs may be trusted, but in only a very limited way. For example, a company with employees in diverse
  locations can make internal documents available to all its employees by setting up a Web site on an intranet that
  is only accessible from inside the corporate LAN (i.e. people on the Internet cannot see it). If there are
  documents on this site that should have limited access within the company (such as strategic plans or personnel
  documents), then these can be protected with SSL.
  Since both the servers as well as the browsers are on corporate-controlled equipment, it is well within the
  companyu2019s interests to act as its own CA. This means that the company can generate its own root certificate
  with which it can sign as many SSL certificates as required for the servers deployed in its intranet. Once this is
  done, this certificate should be installed into the certificate stores of all the browsers used in the company. Since
  the computers these browsers run on are controlled by the company, this is easy to do: the corporate IT
  department can have a policy that the companyu2019s root certificate is installed in the browseru2019s certificate store
  whenever a new computer is set up. This prevents security warnings from being displayed whenever an
  employee accesses an SSL-secured site on the company intranet.
  The advantage to the company is that it can deploy secured sites anywhere on its intranet without purchasing
  certificates from an external CA. Note that if the company also runs an e-commerce site, then it should purchase
  its SSL certificate from a trusted CA and not use an internal one for sites accessible to the public, who will not
  have the certificate installed by the corporate IT department, and thus would receive a security warning.
  In such an environment, an unscrupulous employee (most likely a member of the IT team) who has access to
  the private key could launch very successful MITM attacks against employees who visit SSL-protected ecommerce
  and e-banking sites at work. This will be discussed later in this document. However, the company
  can easily protect itself by warning employees not to visit such sites on company time or equipment, since they
  are not u201Cbusiness related activities.u201D
  Please see this doc related to trusted and untrusted certificate.
  http://www.sericontech.com/Downloads/Untrusted_Root_Certificates_Considered_Harmful.pdf

• Safari 7 on OSX 10.9 not enjoying SSL self signed certificates

  Hello people from the web,
  I am experiencing a weird issue with self signed certificates. Since I upgraded to OSX 10.9 (Maverick) I am not able to connect to an HTTPS site protected by a self signed SSL certificate. The only remaining browser on my computer able to do the trick is Firefox (24). Chrome (30) and Safari (7) cannot.
  Have you experienced the same issue? Have you found a solution?
  On my quest for a solution I found this article:
  http://curl.haxx.se/mail/archive-2013-10/0036.html
  However it seems to me this is more the webkit common engine causing the issue. Is it possible that Webkit has become more picky with SSL Certificates? In which case how to generate a cutom one that would suit Safari 7 and Chrome 30+?
  Thank you for any help you could provide
  Oscar

  Safari - Unsupported third-party add-ons may cause Safari to unexpectedly quit or have performance issues
  Safari/other browsers – Website not loading
  Safari Problems

• Change SSL self-certificate email contact and default apple ID on mac mini server

  Hello,
  I just received my mac mini server and started to set it up.
  I bought this computer with my regular apple id account that I use with my 2 MBPs.
  When installing the mac mini computer I connected my Mac Mini Server to my regular apple ID account.
  The issue is that I don't want to share my MBP account details on this Mini Server computer (software update, server notification push, SSL certificate contact e-mail...) not to mess things up between all my macs.
  My question is :
  I created a new apple ID for this computer with a different contact email etc.
  How do I change the default ID for the whole mac mini settings ?
  I already changed the user settings in the OSX user pref pane, the new mail is updated.
  I already changed the icloud apple ID with the new one it's updated.
  I already changed the alert notification push recipient e-mail in server.app it's updated.
  BUT still, if I want to change the "self-SSL certificate" for a new one with my new apple ID account, the e-mail contact is still my old one which I bought the computer with.
  How do I change that ?
  Also I want to be able to update my apps on this computer without using the apple ID account I bought the mac mini with (and my 2 MBP, iphone etc), but with the new dedicated apple ID for this McMini.
  Is there a software transfer trick to separate computers softwares from a mac to another?
  thanks for your precious help.
  Damian

  Hello,
  I just received my mac mini server and started to set it up.
  I bought this computer with my regular apple id account that I use with my 2 MBPs.
  When installing the mac mini computer I connected my Mac Mini Server to my regular apple ID account.
  The issue is that I don't want to share my MBP account details on this Mini Server computer (software update, server notification push, SSL certificate contact e-mail...) not to mess things up between all my macs.
  My question is :
  I created a new apple ID for this computer with a different contact email etc.
  How do I change the default ID for the whole mac mini settings ?
  I already changed the user settings in the OSX user pref pane, the new mail is updated.
  I already changed the icloud apple ID with the new one it's updated.
  I already changed the alert notification push recipient e-mail in server.app it's updated.
  BUT still, if I want to change the "self-SSL certificate" for a new one with my new apple ID account, the e-mail contact is still my old one which I bought the computer with.
  How do I change that ?
  Also I want to be able to update my apps on this computer without using the apple ID account I bought the mac mini with (and my 2 MBP, iphone etc), but with the new dedicated apple ID for this McMini.
  Is there a software transfer trick to separate computers softwares from a mac to another?
  thanks for your precious help.
  Damian

• Tif files sent to myself and a few other people arrived in my email as files to open and arrived at a friends email box open already???Why

  jpegs always arrive unopened but open with no degradation of quality whereas the tif file opening with picture viewer are degraded and almost unusable.

  This sounds like you do have a corrupted Inbox file.
  First of all create a backup of your profile folder.
  http://kb.mozillazine.org/Thunderbird_:_FAQs_:_Backing_Up_and_Restoring
  Then try to repair Inbox.
  Right-click Inbox - Properties - Repair Folder

• Abandoning Self-Signed SSL Certificates?

  Hello,
  I'm working on remediation of some security flaws and have encountered a finding that calls out each of my domain-added workstations as having self signed SSL certificates.  I'm not an expert on the subject, but I do know the following things:
  1)  An earlier finding lead to me disabling all forms of SSL on my servers and workstations
  2)  Workstations use certificates to identify themselves to other domain assets.
  Now my servers all have their own certs signed by an outside authority.  However, it would be a huge amount of work to go through the process for each and every workstation.  So my questions are these:
  1)  Can I create a NON-SSL self signed cert for these machines to use?
  2)  How do I remove these current SSL certs without having to hover over each workstation?
  Basically, what's the least effort to remove self-signed SSL certs and replace them with something more secure?
  Thanks,
  M.

  What do you mean when you say that you've disabled all forms of SSL on your servers and workstations? SSL serves to provide secure communications for all of your domain operations, so disabling SSL, in general, would likely break your entire domain. If you're
  using certificates on your workstations, then you're using certificate-based security (IPSec) in some manner.
  Do you have AD CS or some other certificate signing authority/PKI in your environment? If not, you would have to pay a public provider (i.e. VeriSign) to provide certificates, and I can assure you that gets very expensive.
  If you have Microsoft servers in your environment, you can install and use Certificate Services to provide an internal signing mechanism which can be managed through group policy. You can replace all of the workstation certificates with ones signed by your
  internal certificate authority (CA,) and those will pass muster with any auditor provided the appropriate safeguards are put into place elsewhere in your environment.
  Least effort for you would be to implement an internal CA, which admittedly isn't a low-effort endeavor, and have the CA assign individual certificates to all of your machines, users, and any other assets you need to protect. If your auditors are requiring
  the removal of the self-signed certificates, you might find a way to script the removal of the certificates. In my experience, however, most auditors just want IPSec to be done with certificates that terminate somewhere other than the local workstation (i.e.
  an internal CA).

• IMAP Mail Setup with self-signed SSL certs

  I am unable to set up IMAP access to an email account of mine on the new iPhone mail app. The setup stalls at "verifying" and I can't seem to save the info entered and then disable SSL in the advanced setup.
  Also, it doesn't seem possible to install SSL certs out of safari. On the computer I was able to navigate to the server via https and permanently accept the SSL cert. The option doenst exisit in Safari Mobile. If you have the servers cert (.der) file in the web root of the server, possible to download and install the certificate. This solved a similar problem for my ExchangeMail push with our Kerio server. Unfortunately, the certificate file of that other IMAP account is unavailable..

  If possible, instead of configuring it on the iPhone, try configuring it on your computer and using iTunes to sync the configuration itself to the iPhone. I am connecting fine to an IMAP server with a self-signed certificate. The first time I opened Mail (on the iPhone) it prompted me with a dialog saying the certificate was invalid but I was able to accept it. Since then, it has never prompted me again about validity of the certificate (even after rebooting the phone) so I believe the Mail program can permanently accept a self-signed certificate.
  And yes, there doesn't seem to be a way for Safari Mobile to permanently accept self-signed certificates. I have read that the iPhone is supposed to pull certificates from the Keychain but this does not appear to be the case.

• Local, self-signed cert for SSL IMAP on Tiger?

  I have a co-located Xserve running Server 10.4.11 (Up time: 380 days!) with IMAP, where I have admin access to install SSL certificates, but I don't quite have the justification to purchase one from a CA.
  I also have several Mac computers where I read my email via IMAP with SSL encryption, and I was wondering if there is any way that I could install a self-signed certificate on my local computers that matches my Xserve and would be sufficient to make Mail.app stop complaining about my server.
  I've been searching the web for tutorials on SSL, thinking that there must be some kind of provision within SSL where I could just set up all machines to be aware of a self-signed certificate in a protected file somewhere on each computer, and I assume that it should be possible to make SSL happy to talk between my own computers. But it seems that most SSL tutorials focus on https, not IMAP or other non-web networking connections. Also, I have a sinking feeling that if I did find information, then it might not be appropriate for the exact directory structure of Tiger. If anyone can help or provide pointers, it would be most appreciated.
  P.S. I could potentially used a "free" signed certificate, but it is attached to a virtual domain that I am hosting on my Xserve, and I assume that it wouldn't match the domain of my email unless I juggle things around. Also, that free cert would eventually expire, and then I'll be back to the current situation of needing to use a self-signed cert.

  Never mind. I figured it out.
  First of all, my Xserve certificate did not have the full FQDN, just a convenient subset. I created another self-signed cert with the true FQDN. I saw some hints around the web saying that Mail.app will always complain if the DN does not match.
  Second, it turns out that Keychain Access is where the local certs live, and in Tiger I needed to drag the cert to my Desktop, open it, and store it in the x509 section.
  All is good. Now to see how my iPhone likes the new certs...

• IMAP SSL doesnt work in iOS 8.0.2 with self-signed cert.

  Got several mailaccounts setup on my iPhone, four of them is LDAP SSL with the server running self-signed cert (expires 2039).
  When I upgraded to iOS 8.0.2 (iPhone 5S) I got problem with Network settings so I did a "Reset Network Settings" (General > Reset).
  After that all my LDAP SSL based emailaccount cannot be "Verified". I have tried reinstall them all but cannot even set them up anymore!!
  I then setup with EXACTLY the same settings in Mail on my MacAir and it did work like a charm instantly. (Im working as a IT Tech so this is peanuts).
  I have even tried to import the certificate (.pem) from Keyaccess Chain into my iPhone. So that one is installed.
  In older iOS you could tell "Continue" when it said "Certificate is not trusted". Just clicked Continue and it worked anyway!
  What to do?
  In iOS 8.0.2 this is not showing to accept the certificate! Now it only shows:

  Nothing anyone here can do, but you should report it to Apple: http://www.apple.com/feedback/

• Renew Exchange 2007 self signed SSL cert : Warning

  Hi,
  We are getting an issue with the new SSL certificate being created. 
  WARNING: This certificate will not be used for external TLS connections with an
  FQDN of 'mail1.[mydomain.com]' because the CA-signed certificate with thumbprint
  '1B6705DB9755A75E94F5B05081AEDED3A0065D4A' takes precedence. The following
  connectors match that FQDN: Send to Internet. 
  Heres the code below:
  [PS] C:\Windows\System32>get-exchangecertificate | list
  AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                       .Security.AccessControl.CryptoKeyAccessRule}
  CertificateDomains : {mail1.[mydomain.com], mail1.[mydomain.ph], autodiscover.mydomain
                       .com, autodiscover.[mydomain.ph], PPLOEX2K7.[mydomain.ph], PPLOE
                       X2K7, mail1, localhost, [mydomain.com], [mydomain.ph]}
  HasPrivateKey      : True
  IsSelfSigned       : False
  Issuer             : CN=mydomain-WIN-0RCZ5TKMHLV-CA, DC=mydomain, DC=ph
  NotAfter           : 7/23/2014 1:46:15 PM
  NotBefore          : 7/23/2012 1:46:15 PM
  PublicKeySize      : 2048
  RootCAType         : Enterprise
  SerialNumber       : 52F90CEC000000000005
  Services           : IMAP, POP, IIS
  Status             : Valid
  Subject            : CN=mail1.[mydomain.com], OU=IT, O=Mydomain, L=Pasig, S=NCR, C=
                       ph
  Thumbprint         : 1B6705DB9755A75E94F5B05081AEDED3A0065D4A
  AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                       .Security.AccessControl.CryptoKeyAccessRule, System.Securi
                       ty.AccessControl.CryptoKeyAccessRule}
  CertificateDomains : {mail1.[mydomain.com], autodiscover.[mydomain.ph], autodiscover.
                       [mydomain.com], pploex2k7.[mydomain.ph], mail1.[mydomain.ph]}
  HasPrivateKey      : True
  IsSelfSigned       : False
  Issuer             : CN=mydomain-WIN-0RCZ5TKMHLV-CA, DC=mydomain, DC=ph
  NotAfter           : 7/23/2014 11:44:05 AM
  NotBefore          : 7/23/2012 11:44:05 AM
  PublicKeySize      : 2048
  RootCAType         : Enterprise
  SerialNumber       : 5289341C000000000003
  Services           : IMAP, POP, SMTP
  Status             : Valid
  Subject            : CN=mail1.[mydomain.com], OU=IT, O=Mydomain, L=Pasig, S=NCR, C=
                       ph
  Thumbprint         : 99A3CAC2E18E2FA4AB4C855A3FA07E3369AA4ABB
  [PS] C:\Windows\System32>get-exchangecertificate 1B6705DB9755A75E94F5B05081AEDED
  3A0065D4A | New-ExchangeCertificate
  WARNING: This certificate will not be used for external TLS connections
  with an FQDN of 'PPLOEX2K7.[mydomain.ph]' because the CA-signed certificate
  with thumbprint '1B6705DB9755A75E94F5B05081AEDED3A0065D4A' takes
  precedence. The following connectors match that FQDN: Default PPLOEX2K7.
  WARNING: This certificate will not be used for external TLS connections
  with an FQDN of 'mail1.[mydomain.com]' because the CA-signed certificate
  with thumbprint '1B6705DB9755A75E94F5B05081AEDED3A0065D4A' takes
  precedence. The following connectors match that FQDN: Send to Internet.
  Confirm
  Overwrite existing default SMTP certificate,
  '99A3CAC2E18E2FA4AB4C855A3FA07E3369AA4ABB' (expires 7/23/2014 11:44:05
  AM), with certificate 'F835E526BC8D3805E7AA230A17C5971872D3759C'
  (expires 7/22/2015 10:17:51 AM)?
  [Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help
  (default is "Y"):y
  Thumbprint                                Services  
  Subject
  F835E526BC8D3805E7AA230A17C5971872D3759C  .....      C=ph, S=NCR, L=Pasig, O...
  [PS] C:\Windows\System32>get-exchangecertificate | list
  AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                       .Security.AccessControl.CryptoKeyAccessRule, System.Securi
                       ty.AccessControl.CryptoKeyAccessRule, System.Security.Acce
                       ssControl.CryptoKeyAccessRule}
  CertificateDomains : {mail1.[mydomain.com], mail1.[mydomain.ph], autodiscover.mydomain
                       .com, autodiscover.[mydomain.ph], PPLOEX2K7.[mydomain.ph], PPLOE
                       X2K7, mail1, localhost, [mydomain.com], [mydomain.ph]}
  HasPrivateKey      : True
  IsSelfSigned       : True
  Issuer             : C=ph, S=NCR, L=Pasig, O=Mydomain, OU=IT, CN=mail1.mydomain.c
                       om
  NotAfter           : 7/22/2015 10:17:51 AM
  NotBefore          : 7/22/2014 10:17:51 AM
  PublicKeySize      : 2048
  RootCAType         : None
  SerialNumber       : 6B5A6E27C63C36A54FDD3E07FF982497
  Services           : IMAP, POP, SMTP
  Status             : Valid
  Subject            : C=ph, S=NCR, L=Pasig, O=Mydomain, OU=IT, CN=mail1.mydomain.c
                       om
  Thumbprint         : F835E526BC8D3805E7AA230A17C5971872D3759C
  AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                       .Security.AccessControl.CryptoKeyAccessRule}
  CertificateDomains : {mail1.[mydomain.com], mail1.[mydomain.ph], autodiscover.mydomain
                       .com, autodiscover.[mydomain.ph], PPLOEX2K7.[mydomain.ph], PPLOE
                       X2K7, mail1, localhost, [mydomain.com], [mydomain.ph]}
  HasPrivateKey      : True
  IsSelfSigned       : False
  Issuer             : CN=mydomain-WIN-0RCZ5TKMHLV-CA, DC=mydomain, DC=ph
  NotAfter           : 7/23/2014 1:46:15 PM
  NotBefore          : 7/23/2012 1:46:15 PM
  PublicKeySize      : 2048
  RootCAType         : Enterprise
  SerialNumber       : 52F90CEC000000000005
  Services           : IMAP, POP, IIS
  Status             : Valid
  Subject            : CN=mail1.[mydomain.com], OU=IT, O=Mydomain, L=Pasig, S=NCR, C=
                       ph
  Thumbprint         : 1B6705DB9755A75E94F5B05081AEDED3A0065D4A
  AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                       .Security.AccessControl.CryptoKeyAccessRule, System.Securi
                       ty.AccessControl.CryptoKeyAccessRule}
  CertificateDomains : {mail1.[mydomain.com], autodiscover.[mydomain.ph], autodiscover.
                       [mydomain.com], pploex2k7.[mydomain.ph], mail1.[mydomain.ph]}
  HasPrivateKey      : True
  IsSelfSigned       : False
  Issuer             : CN=mydomain-WIN-0RCZ5TKMHLV-CA, DC=mydomain, DC=ph
  NotAfter           : 7/23/2014 11:44:05 AM
  NotBefore          : 7/23/2012 11:44:05 AM
  PublicKeySize      : 2048
  RootCAType         : Enterprise
  SerialNumber       : 5289341C000000000003
  Services           : IMAP, POP, SMTP
  Status             : Valid
  Subject            : CN=mail1.[mydomain.com], OU=IT, O=Mydomain, L=Pasig, S=NCR, C=
                       ph
  Thumbprint         : 99A3CAC2E18E2FA4AB4C855A3FA07E3369AA4ABB
  Services: [PS] C:\Windows\System32>Enable-ExchangeCertificate -Thumbprint F835E5
  26BC8D3805E7AA230A17C5971872D3759C -Service IIS, SMTP, IMAP, POP
  WARNING: This certificate will not be used for external TLS connections with an
  FQDN of 'PPLOEX2K7.[mydomain.ph]' because the CA-signed certificate with
  thumbprint '1B6705DB9755A75E94F5B05081AEDED3A0065D4A' takes precedence. The
  following connectors match that FQDN: Default PPLOEX2K7.
  WARNING: This certificate will not be used for external TLS connections with an
  FQDN of 'mail1.[mydomain.com]' because the CA-signed certificate with thumbprint
  '1B6705DB9755A75E94F5B05081AEDED3A0065D4A' takes precedence. The following
  connectors match that FQDN: Send to Internet.
  [PS] C:\Windows\System32>

  Hi Jammizi,
  I collect some information from the command results as below:
  1. When run Get-ExchangeCertificate | FL command, it returned 2 certificates.
  •Certificate01
  Thumbprint         : 1B6705DB9755A75E94F5B05081AEDED3A0065D4A
  IsSelfSigned       : False
  Services           : IMAP, POP, IIS
  •Certificate02
  Thumbprint         : 99A3CAC2E18E2FA4AB4C855A3FA07E3369AA4ABB
  IsSelfSigned       : False
  Services           : IMAP, POP, SMTP
  2. When run Get-ExchangeCertificate 1B….4A (Certificate01) | New-ExchangeCertificate, got warning.
     Overwrite Certificate02 (99…BB) to Certificate03 (F8…9C).
  3. When run Get-ExchangeCertificate | FL command, it returned 3 certificates.
  •Certificate03
  Thumbprint         : F835E526BC8D3805E7AA230A17C5971872D3759C
  IsSelfSigned       : True
  Services           : IMAP, POP, SMTP
  •Certificate01
  Thumbprint         : 1B6705DB9755A75E94F5B05081AEDED3A0065D4A
  IsSelfSigned       : False
  Services           : IMAP, POP, IIS
  •Certificate02
  Thumbprint         : 99A3CAC2E18E2FA4AB4C855A3FA07E3369AA4ABB
  IsSelfSigned       : False
  Services           : IMAP, POP, SMTP
  4. When run Enable Certificate03 command, got warning.
  According to the information above, please notice that both Certificate01 and Certificate02 are not Self-signed certificate. And the New-ExchangeCertifiate command in Exchange 2007 server is to new an Exchange Self-signed certificate. I suggest double check
  whether your org has self-signed certificates. If your org only need 3rd party certificates without self-signed certifcate, I suggest apply a new certificate from CA.
  Thanks
  Mavis
  If you have feedback for TechNet Subscriber Support, contact
  [email protected]
  Mavis Huang
  TechNet Community Support

• Mail.app: Self-Signed SSL Certificates

  How can I make mail trust self signed mail certificates FOREVER? As it is now, I have to tell Mail.app to always trust the cert for each email account, every time I launch mail. Then it remembers to trust it until I quit mail, then I have to re-tell it all over again. This is bearable on my desktop but on my laptop, where I need SSL the most, I'm constantly logging in and out and rebooting, and it drives me crazy.
  FYI it's my own server, running Mac OS X Server. And I'm not buying a certificate, it's the encryption I'm after

  First, the certificate must match the name Incoming Mail Server that your clients are using. For example 'mail.acme.com'. So, when creating the self-signed certificate, the common name that you enter would be 'mail.acme.com'. If you don't do this, you will always be prompted about the certificate when you relaunch Apple mail.
  Just for clarification, here is how you should trust the self-signed certificate on the Macs that are using Apple Mail:
  1. When you get the prompt about the certificate, click the show certificate button.
  2. Drag the icon of the Certificate on the left in the Show Certificate dialog box to the desktop. This will create a document on your desktop named 'mail.acme.com.cer'.
  3. Double click the certificate on the desktop which will open an Add Certificate dialog box.
  4. Depending on the version of Mac OS X that you are running, what you do next will vary a little.
  Leopard
  1. Click the drop down next to keychain and select System
  2. Open Keychain Access (Applications/Utilities) if it is not already open
  3. Click System on left hand side under Keychains
  4. Locate the 'mail.acme.com' certificate on the right and double-click it to open it. (NOTE: I had to quit Keychain Access and reopen it before the certificate showed up under System for me for some odd reason)
  5. Click the gray triangle next to Trust to expand the Trust section of the Certificate.
  6. Select Always Trust from the drop down next to 'When using this certificate'
  7. Close the certificate window and then quit out of Keychain Access
  8. Click the continue button back in Apple Mail if the Certificate dialog is still present.
  9. Quit out of Apple Mail and the relaunch it again. This time you should not see the certificate dialog alert.
  Tiger
  1. Click the drop down next to keychain and select X509Anchors
  2. Open Keychain Access (Applications/Utilities) if it is not already open
  3. Click System on left hand side under Keychains
  4. Locate the 'mail.acme.com' certificate on the right and double-click it to open it.
  5. Click the gray triangle next to Trust to expand the Trust section of the Certificate.
  6. Select Always Trust Settings from the drop down next to 'When using this certificate'
  7. Close the certificate window and then quit out of Keychain Access
  8. Click the continue button back in Apple Mail if the Certificate dialog is still present.
  9. Quit out of Apple Mail and the relaunch it again. This time you should not see the certificate dialog alert.
  This worked for me. I hope this works for you too.

• Accessing websites running on non-standard ports or with self-signed ssl certs?

  I've got some sites running using self-signed ssl's that also run on non-standard ports. Firefox home doesn't seem to open these pages it just sits there with the spinner loading and a blank screen...
  Anyone else noticed this?

  If the ASA is using a certificate issued by a CA that is in the client's trusted root CA store, then the ASA identity certificate does not need to be imported by the client.
  That's why it's generally recommend to go the route of using a well-know public CA as they are alreay included in most modern browsers and thus the client doesn't need to know how to import certificates etc.
  If you are using a local CA that is not in the client's trusted root CA store to issue your ASA identity certificate or self-signing certificates on the ASA then you need to take additional steps at the client.
  In the first case, you would import the root CA certificate in the trusted root CA store of the client. After that, any certificates it has issued (i.e the ASA's identity certificate) would automatically be trusted by the client.
  In the second case, the ASA's identity certificate itself would have be installed on the client since it (the ASA) is essentially acting as it's own root CA. I usually install them in my client's Trusted Root CA store but I guess that's technically not required, as long as the client knows to trust that certificate.

• Error Re-opening Self-Signed Extensions on OS X

  I offer several free and paid self-signed extensions through Add-Ons. Some users have been reporting a peculiar error: users are usually able to open the extension once but when they close and re-open the extension again, the panel is completely empty.
  From info from users, this is showing up on OS X (reported in 10.9.5) both in CC 2013 & 2014. Although it's not happening consistently across all machines with those same specs. The machine reporting the error, however, it happens consistently.
  We've discovered two work-arounds:
  1. Uninstalling and re-installing the extension will allow it to open it once (but then it reverts to the empty panel after closing and re-opening)
  2. Changing the ~/Library/Preferences/com.adobe.CSXS.4.plist file by adding PlayerDebugMode, of type String, and value 1 then restarting OS X also fixes the issue.
  Neither of these work-arounds are ideal. Has anyone else had this problem? Are there any solutions?

  Emailed Adobe and they said that if you change any files WITHIN the extension's folder itself, that will break the signing. I'm now saving preference files to the Application Support folder (SystemPath.USER_DATA) and it works!