IMAP SSL doesnt work in iOS 8.0.2 with self-signed cert.

Got several mailaccounts setup on my iPhone, four of them is LDAP SSL with the server running self-signed cert (expires 2039).
When I upgraded to iOS 8.0.2 (iPhone 5S) I got problem with Network settings so I did a "Reset Network Settings" (General > Reset).
After that all my LDAP SSL based emailaccount cannot be "Verified". I have tried reinstall them all but cannot even set them up anymore!!
I then setup with EXACTLY the same settings in Mail on my MacAir and it did work like a charm instantly. (Im working as a IT Tech so this is peanuts).
I have even tried to import the certificate (.pem) from Keyaccess Chain into my iPhone. So that one is installed.
In older iOS you could tell "Continue" when it said "Certificate is not trusted". Just clicked Continue and it worked anyway!
What to do?
In iOS 8.0.2 this is not showing to accept the certificate! Now it only shows:

Nothing anyone here can do, but you should report it to Apple: http://www.apple.com/feedback/

Similar Messages

  • IMAP with self-signed certs?

    I don't yet have my iPhone (ordered online), but I'm wondering if the email client can use IMAP servers via SSL that use a self-signed certificate. Can anyone test that or confirm/deny it based on some kind of published Apple documents or something? I haven't found a solid answer in my searchings.

    I can tell you it was a PITA to get working - I first tested sans ssl, then had to reset the iPhone before it would completely forget the old mail config (due to my playing w/ :port# tacked onto the hostname). Plus the iPhone docs need a small amount of work, I think.
    Is courier listening on port 993 for imaps? That's what the iPhone will use when you turn on 'secure incoming'.
    Setting the :port# in the server field only works for the outgoing server. Don't explicitely set it for incoming, else you'll go through the same aggravation I did (and eventually reset and enter it from scratch).

  • Imessaging doesnt work after iOs 6 update, can't send or recieve messages. it isnt the wifi since everything else is working. have tried every solution possible. help?!

    imessaging on ipod touch doesnt work after iOs 6 update, can't send or recieve messages. it isnt the wifi since everything else is working. have tried every solution possible. help?!

    Short of a reset to factory settings I've found making sure iMessaging is not left minimised helps. It doesn't seem to keep its connection. So, by closing after each use this helps. I've been doing this since I logged out of iMessaging at least 1/2 doz times and even changed my apple id pw as this had ceased to be recognised. I get fewer send failures now and don't have an inactive send button so much. Having said this its all a bit of a work around as iMessaging isn't behaving as it once did. If over time not resolved will do factory reset. All the best.

  • Local, self-signed cert for SSL IMAP on Tiger?

    I have a co-located Xserve running Server 10.4.11 (Up time: 380 days!) with IMAP, where I have admin access to install SSL certificates, but I don't quite have the justification to purchase one from a CA.
    I also have several Mac computers where I read my email via IMAP with SSL encryption, and I was wondering if there is any way that I could install a self-signed certificate on my local computers that matches my Xserve and would be sufficient to make Mail.app stop complaining about my server.
    I've been searching the web for tutorials on SSL, thinking that there must be some kind of provision within SSL where I could just set up all machines to be aware of a self-signed certificate in a protected file somewhere on each computer, and I assume that it should be possible to make SSL happy to talk between my own computers. But it seems that most SSL tutorials focus on https, not IMAP or other non-web networking connections. Also, I have a sinking feeling that if I did find information, then it might not be appropriate for the exact directory structure of Tiger. If anyone can help or provide pointers, it would be most appreciated.
    P.S. I could potentially used a "free" signed certificate, but it is attached to a virtual domain that I am hosting on my Xserve, and I assume that it wouldn't match the domain of my email unless I juggle things around. Also, that free cert would eventually expire, and then I'll be back to the current situation of needing to use a self-signed cert.

    Never mind. I figured it out.
    First of all, my Xserve certificate did not have the full FQDN, just a convenient subset. I created another self-signed cert with the true FQDN. I saw some hints around the web saying that Mail.app will always complain if the DN does not match.
    Second, it turns out that Keychain Access is where the local certs live, and in Tiger I needed to drag the cert to my Desktop, open it, and store it in the x509 section.
    All is good. Now to see how my iPhone likes the new certs...

  • E-Mail Setup fails with self-signed SSL certificat...

    Hi, one of my e-mails is with a small provider who just moved the mail server to Imap and SSL. In Thunderbird, everything works fine, setup on my Nokia C-6-fails with an unspecific error message (and trows away the settings). I asked the provider, and it seems that the problem comes up because the Nokia e-mail application doesn't asked me if I want to accept the certificate but instead rejects it. Is there a workaround to this problem? Is there a way to setup the mail account without using the wizard? Or to take over the settings from Thunderbird? Or a way to put the certificate in the right place manually? In Opera mobile I have no trouble with self-signed SSL certificates. Thanks Cave

    Any one around who can help? Self-Signed certificates are rather common, after all. I would be grateful cave

  • Can't access IBM mainframe 3270 session via SSL self-signed cert.

    Can't access IBM mainframe 3270 session via SSL self-signed cert since sometime last week. Using Mochasoft tn3270 lite on android works fine but iPad ios7 says "IBM mainframe has closed the session".  Any clues would be appreciated.

    I'm thinking the problem may be the IBM cert is 1024 bit. Investigating choices to implement 2048 bit cert into IBM.

  • Anyone having issues with Self-Signed SSL-certs on mail servers?

    Can't get it to allow connecting via SSL to outgoing mail servers with self-signed certificates. Problem did not exist in earlier versions of OSX as far as I know.

    YES. I have a cert from lunarpages, where my accounts are hosted. I'm seeing two issues, and they are different for the different servers at lunarpages:
    1. Multiple logins from different machines --> problem
    2. Multiple accounts accessing same server --> problem
    So, with 1 account on one of lunarpages machines, I can have several machines running Mail with ssl on at the same time and get no problem (that is, once I've saved the certificate and marked it trusted). But as soon as another account (my wife's email on the same domain, for example) tries to access the same server, it gives me an ssl error, a choice to save that cert. and if I do then my account will generate the ssl error. Seems like only one account can have the certificate.
    On another account on a different lunarpages machine, I can't have several machines running Mail at the same time, only the first will get through and the rest will give an SSL error.
    Lunarpages says they can't find a problem, though my last email with them told me to use TLS rather than SSL. Of course, there's no way to specify that in Mail anyway, but I'd thought Mail automatically used TLS anyway, and I'm running the right ports (587 for smtp, 993 for incoming).
    Feels like it's an issue with Mail or the OS's handling of certificates. Any clues on a fix will be most appreciated as this is getting annoying. I've had to turn off SSL on my wife's and daughter's accounts just so that I can use it. And I have to quit Mail so that on the other account I can get my mail on my iPhone. Having to quit Mail on my main work machine is frustrating -- if I forget to do it I can't get mail.

  • How do I allow self-signed cert for SecureAMF on iOS?

    I have spent the better part of two days trying to figure out how the dickens to do this. 
    Basically, I am using BlazeDS (using AMF as the protocol) to communicate with a Java backend (using tomcat with a self-signed cert).
    This works great in the browser version of the application (you usually get a little prompt saying that the site is untrusted when you try to access the website, you install the certificate and Bob's your uncle.)
    However, adapting the code over to iOS I am discovering a couple of problems.  The primary one being that the BlazeDS communication fails miserably when we are using SecureAMF with the self-signed certs.  It appears that it is similar to this issue: http://forums.adobe.com/message/3940214#3940214
    How do I get my iOS Air app to communicate with a self-signed certificate running on tomcat?
    Here are the things I've tried:
    1) Installing the cert using iPhone Configuration Utility
    2) Browsing to the site in Safari, and installing the certificate manually
    This is for development, so buying a certificate doesn't really make sense.
    So, any suggestions?

    Has anybody had any success here?  This is a real problem for testing internal applications inside of a local network.

  • Activate SSL with OpenSSL Self-Signed Cert

    Dear Expert,
    Anyone can give me guidance on how to activate and create ssl cert in Java IM using openssl self-signed cert.
    thanks

    Here how I make it work. Some of the tips is from jay in this forum
    Instant Messaging with SSL
    Let say I have Messaging, Directory, IM server in 1 box.
    Let's create a cert
    # cd /etc/opt/SUNWiim/default/config/
    a) Sun [TM] ONE Messaging Server 6.1 and Sun [TM] ONE Directory Server 5.2 were installed from JES2 on the same box
    b) The server_root directory for Directory Server is the default: /var/opt/mps/serverroot
    c) The server_root directory for Messaging Server is also the default: /opt/SUNWmsgsr
    1. Login to the console and do a Certificate Request
    a) cd /var/opt/mps/serverroot
    b) ./startconsole &
    c) Login to the main console as "cn=Directory Manager"
    d) Select and open the "Messaging Server" console
    e) Highlight the tab called "Tasks" at the top
    f) Select "Manage Certificates"
    g) Console will ask for a password for the security database. Please enter a password twice and make sure that you remember it. This will create the following two files under "/var/opt/mps/serverroot/alias" directory:
    -rw------- 1 mailsrv other 65536 Aug 12 13:57 msg-config-cert8.db
    -rw------- 1 mailsrv other 32768 Aug 12 13:57 msg-config-key3.db
    NOTE: Please make sure that:
    - either the owner of the files is the messaging server user ( mailsrv in this case ),
    -or the permission is appropriate for the mail server user to at least read it.
    h) Once you reach the "Manage Certificate" window, please make a "Certificate Request" by filing up the appropriate questions
    i) Once you are done, you get a CSR , which looks something like this:
    -----BEGIN NEW CERTIFICATE REQUEST-----
    MIIBszCCARwCAQAwczELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWE x
    DzANBgNVBAcTBm5ld2FyazEMMAoGA1UEChMDc21pMQ0wCwYDVQQLEwRhdGFjMSEw
    HwYDVQQ DExhwb3BleWUuYXRhYy5lYmF5LnN1bi5jb20wgZ8wDQYJKoZIhvcNAQEB
    BQADgY0AMIGJAoGBALF eXVTFDj/1eONPzV/dAZ0dBKdstl+u+L/DTdw1sCXXOdNG
    MzYeTUu9g/g0dXL/bniF31M0OkoW+6O 5mshySv/KXS9QcoPngSKS6wuL8kNlYKQR
    Dw97WCS1uaqubAK/kir4hDmL7X9Rf29EFHDSFOWjeOJ /M7aqFWCfR5sTeSIFAgMB
    AAGgADANBgkqhkiG9w0BAQQFAAOBgQCeYwptiL/j7Bcs0DtGYiOlMMs utezF1COC
    4+wHt/p+LtQkvQWBoXisqN6YlGfZPXOCdUyA+RwU7BxjX9IQLP+9HLHfQyLzvCKb
    boKKpjIc8Ci+tmibM5QkgTxu4L7yeCR/PiplgVPttHNT2Qr9cxHLLBvIO6N1GOE8
    VBoq0pC5SA= =
    -----END NEW CERTIFICATE REQUEST-----
    Please maintain and preserve this CSR , since you will be sending it to the Certificate Authority ( CA ) so they can issue you a Certificate
    # openssl genrsa -des3 -out ca.key 4096
    # openssl req -new -x509 -days 3650 -key ca.key -out ca.crt
    # openssl x509 -req -days 3650 -in file.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server-cert.crt
    # cp -p /var/opt/mps/serverroot/alias/msg-config-key3.db key3.db
    # cp -p /var/opt/mps/serverroot/alias/msg-config-cert8.db cert8.db
    # cp -p /var/opt/mps/serverroot/alias/secmod.db .
    # cat sslpassword.conf
    Internal (Software) Token:password
    # cat /etc/opt/SUNWiim/default/config/iim.conf
    iim.comm.modules = "iim_server,iim_mux,iim_wd"
    iim.smtpserver = "www.esuria.com.bn"
    iim.instancedir = "/opt/SUNWiim"
    iim.instancevardir = "/var/opt/SUNWiim/default"
    iim.user = "root"
    iim.group = "root"
    iim.config.version = "1.1"
    iim_ldap.host = "www.esuria.com.bn:389"
    iim_ldap.searchbase = "o=esuria.com.bn,dc=esuria,dc=com,dc=bn"
    iim_ldap.loginfilter = "(&(objectclass=inetorgperson)(uid={0}))"
    iim_ldap.usergroupbyidsearchfilter = "(|(&(objectclass=groupofuniquenames)(dn={0
    }))(&(objectclass=inetorgperson)(uid={0})))"
    iim_ldap.usergroupbynamesearchfilter = "(|(&(objectclass=groupofuniquenames)(cn=
    {0}))(&(objectclass=inetorgperson)(cn={0})))"
    iim_ldap.allowwildcardinuid = "False"
    iim_ldap.userclass = "inetOrgPerson"
    iim_ldap.groupclass = "groupOfUniqueNames"
    iim_ldap.groupbrowsefilter = "(objectclass=groupofuniquenames)"
    iim_ldap.searchlimit = "40"
    iim_ldap.userdisplay = "cn"
    iim_ldap.groupdisplay = "cn"
    iim_ldap.useruidattr = "uid"
    iim_ldap.groupmemberattr = "uniquemember"
    iim_ldap.usermailattr = "mail"
    iim_ldap.resynctime = "720"
    iim_ldap.usergroupbinddn = "cn=Directory Manager"
    iim_ldap.usergroupbindcred = "password"
    iim_ldap.useidentityadmin = "false"
    iim.log.iim_server.severity = "INFO"
    iim.log.iim_mux.severity = "ERROR"
    iim.log.iim_wd.severity = "ERROR"
    iim_server.domainname = "esuria.com.bn"
    iim_server.useport = "True"
    iim_server.port = "5269"
    iim_server.usesslport = "False"
    iim_server.sslport = "5223"
    iim_server.enable = "True"
    iim_server.clienttimeout = "15"
    iim_server.usesso = "0"
    iim.policy.modules = "iim_ldap"
    iim.userprops.store = "file"
    iim_mux.listenport = "www.esuria.com.bn:5222"
    iim_mux.serverport = "www.esuria.com.bn:45222"
    iim_mux.enable = "true"
    iim_mux.numinstances = "2"
    iim_mux.maxthreads = "10"
    iim_mux.maxsessions = "1000"
    iim_mux.usessl = "on"
    iim_mux.secconfigdir = "/etc/opt/SUNWiim/default/config"
    iim_mux.keydbprefix =
    iim_mux.certdbprefix =
    iim_mux.secmodfile = "secmod.db"
    iim_mux.certnickname = "server-cert"
    iim_mux.keystorepasswordfile = "sslpassword.conf"
    iim_wd.enable = "true"
    iim_wd.period = "300"
    iim_wd.maxRetries = "10"
    -open http://www.esuria.com.bn/im/en/im.jnlp
    -click More Detail and enable Use SSL

  • Does using self-signed cert. on ISE server has anthing to do with url redirect being not working

    Hi,
    I am setting up wired ISE environment. Everything is going fine, except url redirect is not working.
    I just wondering, if using self-signed certificate on ISE server has anothing to do with the problem ?.
    Appreciate your input.
    Thanks

    Hi,
    As long as you have not changed the hostname or the domain name (and dns is accurate). You should only receive the certificate warning but still get redirected without any issues.
    Thanks,
    Tarik Admani
    *Please rate helpful posts*

  • I downloaded,2 days ago the new ios, and my I phone 4 doesnt work it show an arrow and the itune sign, what should i di?

    i downloaded 2 days ago, with my I Phone 4, IOS 8.0, since then it doesnt work, and there is the sign of a usb, with an arrrow pointing on the sign I Tune.
    what should i do?

    You didn't download the new iOS 8 to an iPhone 4.  Perhaps you did it to an iPhone 4S.
    But if your device is showing you should connect to iTunes on your computer, then that's what you need to do.
    Use this article: If you can't update or restore your iPhone, iPad, or iPod touch

  • IMAP Mail Setup with self-signed SSL certs

    I am unable to set up IMAP access to an email account of mine on the new iPhone mail app. The setup stalls at "verifying" and I can't seem to save the info entered and then disable SSL in the advanced setup.
    Also, it doesn't seem possible to install SSL certs out of safari. On the computer I was able to navigate to the server via https and permanently accept the SSL cert. The option doenst exisit in Safari Mobile. If you have the servers cert (.der) file in the web root of the server, possible to download and install the certificate. This solved a similar problem for my ExchangeMail push with our Kerio server. Unfortunately, the certificate file of that other IMAP account is unavailable..

    If possible, instead of configuring it on the iPhone, try configuring it on your computer and using iTunes to sync the configuration itself to the iPhone. I am connecting fine to an IMAP server with a self-signed certificate. The first time I opened Mail (on the iPhone) it prompted me with a dialog saying the certificate was invalid but I was able to accept it. Since then, it has never prompted me again about validity of the certificate (even after rebooting the phone) so I believe the Mail program can permanently accept a self-signed certificate.
    And yes, there doesn't seem to be a way for Safari Mobile to permanently accept self-signed certificates. I have read that the iPhone is supposed to pull certificates from the Keychain but this does not appear to be the case.

  • Mail App Not Working with Self-Signed Certificates

    First and foremost, I apologise for starting another thread that is 90% similar to others but I wanted to avoid falling into an existing context.  Like may others, I am having issues with the Mail App in Mavericks but I have an email account other than G-Mail.
    That being said, here is the issue I am having.  Until recently I never had an issue sending and receiving email from various accounted.  My Internet provider, an Exchange account, even a G-Mail account.
    Yesterday, my Web hosting provider issued a new (self-signed) certificate as the old one had expired (which was also a self-signed certificate).  While I am able to still receive messages, I am no longer able to send any.
    I have tried numberous possible solutions to no avail.  I have removed and readded my email account, I have refreshed my SMTP settings, I have removed all semblence of the account from my Key Chain, added the Certificate manually with full trust, and I have even flushed the caches from my ~/Library/ folder.  The last one perked up the Mail App but did not restore my ability to send messages from my Web provider's SMTP server.
    I suspect this is a bug in the Mail App but I'm hoping I can find a few last solutions before I file a bug report.
    In the meantime, I am using another outgoing server from my Internet provider.  It will do but for consistency I'd much rather use the outgoing server that came with the email account in question.
    I am all but convinced it is the Mail App as Thunderbird is able to use the SMTP server just fine and I am still able to send messages using the exact same settings on my iPhone and iPad.
    In case it helps, I am using a Early 2011 MacBook Pro with the latest Mavericks update (which ironically was meant to solve some issues other users had with the Mail App).
    On a related note, I wish I had stayed on Snow Leopard.  I did not have a single issue with that OS.  Now I feel like I am working on Windows Vista again and I am waiting for the Apple version of Windows 7 to set things right.

    MrsCDS wrote:
    I am using an iPhone 6 plus on iOS 8.1 and suddenly my Yahoo email account will not populate to my Mail app. I have deleted and re-added the account and also re-booted the phone with no luck. I get the spinning wheel up by my Wi-Fi signal that suggests it's attempting to do something, but the bottom of the Inbox only says "Updated Yesterday." Has anyone else experienced this or can someone, especially an Apple employee, tell me how to fix this?
    There is no Apple in this user to user technical forum, if you want an Apple employee you would need to take your phone to the Apple store.
    What happens when you switch to using cellular data?  Does your email update?
    FYI - Yahoo email account is notoriously bad, you can try their app.

  • Two way ssl with self signed certificate?

    How can I use a self signed certificate with two-way SSL with weblogic 7sp4?
    Specfically, I don't want to use any CA authority.
    Is it possible to simply have the clients certificate in the servers truststore or not?
    I pull out the certificate via
    javax.servlet.request.X509Certificate
    but when I use a self signed certificate it's never there.
    If I instead use a certificate that was created with CertGen it works. But CertGen uses the GenCertCA to create the certificate chain.

    How can I use a self signed certificate with two-way SSL with weblogic 7sp4?
    Specfically, I don't want to use any CA authority.
    Is it possible to simply have the clients certificate in the servers truststore or not?
    I pull out the certificate via
    javax.servlet.request.X509Certificate
    but when I use a self signed certificate it's never there.
    If I instead use a certificate that was created with CertGen it works. But CertGen uses the GenCertCA to create the certificate chain.

  • Http Analyzer connecting to server with self-signed SSL cert

    When making webservice calls using Axis 1.3 to our development site that uses a self-signed SSL cert I am getting the following error when running the Http Analyzer:
    javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
    Works fine if I turn off proxy in run configuration for project or when used against a site with a purchased cert. I assume the problem is with Http Analyzer not being able to find the server cert in a local keystore, is there a way to import the cert so that I can run Http Analyzer against the site?
    Tried adding server cert to <jdkhome>/jre/lib/security/cacerts keystore but still have the problem.
    Am using JDeveloper 10.1.3.
    Thanks,
    John

    I fixed that by getting certs from: https://www.startssl.com/?app=1.
    The certs are free and work fine.
    Since Iphone 4 apple does not accept unknown CA Authorities.

Maybe you are looking for

  • Due date calculation for the credit memo with invoice reference.

    Hi, When we create the credit memo with reference to invoice, the due date for the credit memo is getting copied from Invoice. In this case if the invoice is due on 31.12.2008 and the credit memo is created on 10.09.2009, then the credit memo due dat

  • Another bug in sun one studio?

    is this another bug in sun one studio or something else. i have set the author to a different name through tools -> options -> java sources but when i create session beans or cmp beans, it uses the previous name. however java main classes display the

  • I use Dap and Speedbit and want to know why these won't work if I update when I've had no problem with them in the past?

    I was about to update my Firefox browser when it said that my Dap downloader and Speedbit video accelerator wouldn't work with the latest update of firefox. I have had no trouble in the past with these extensions so why now. I use these extensions ex

  • Error Building Source Distribution

    Hello group,  I'm trying to build a Source Distribution in LV8.6. The application is used to drive a LV USB NI-8451 SPI adapter (among other things), so I have installed the SPI drivers in the default folder "C:\Progran Files\National Instruments\Lab

  • Requirement for Flex Island

    Hello Guru's, We are planning to implement flash island based GUI on WebDynpro for ABAP. My question is what software are required to implement the solution. 1) Is adobe flex builder enough to implement the design? 2) Do I need NWDS? Regards, Abhy.