Mail and Thawte certificates

Similar Messages

• Mail 2.1 and Thawte certificates

  I 'joined' Thawte, created a certificate for the address '[email protected]'.
  The fetch process from Thawte using FireFox put the certificate in KeyChain Access's 'Certificates' so I followed this procedure to make a 'backup' in KeyChain Access's my certificates. And there it is - green checkmark, valid and just where it should be; it has the name of the email address with which I registered and requested at Thawte.
  But when I open a New message in Mail from that same account, '[email protected]', documents like this one tell me to expect signature icons at the right hand side under the subject box.
  Nothing. Restarted. Relaunched. Mail isn't recognising what seems to be a valid certificate in 'My Certificates' in KeyChain Access.
  Anyone any ideas? TIA!
  G5 DP 2 GHz   Mac OS X (10.4.8)   No Haxies; permissions frequently repaired etc

  abandoned

• MobileMe mail and digital certificates

  Hi,
  Is there any way of digitally signing and encrypting MobileMe emails using a self-signed certificate?
  Thanks,
  Glyn

  Thanks for your reply, Dave - glad to hear it's not just me!
  I spoke to Apple and they say they've done nothing to the MobileMe servers that would cause this.
  The reject email I get is:
  Your message cannot be delivered to the following recipients:
   Recipient address: [email protected]
   Reason: SMTP transmission failure has occurred
   Diagnostic code: smtp;550 5.7.1 Command rejected
   Remote system: dns;email-lb-cpg.austin.hp.com (TCP|17.172.48.75|57574|15.217.96.213|25) (hpeprint.com ESMTP Postfix)
  Original-envelope-id: [email protected] Reporting-MTA: dns;st11b01mm-asmtp212.mac.com (tcp-daemon) Arrival-date: Wed, 12 Oct 2011 01:39:29 -0700 (PDT) Original-recipient: rfc822;[email protected] Final-recipient: rfc822;[email protected] Action: failed Status: 5.7.1 (SMTP transmission failure has occurred) Remote-MTA: dns;email-lb-cpg.austin.hp.com (TCP|17.172.48.75|57574|15.217.96.213|25) (hpeprint.com ESMTP Postfix) Diagnostic-code: smtp;550 5.7.1 Command rejected

• Can't get Mail to recognize Thawte certificate for signing and encrypting

  I got a certificate from Thawte and double clicked on the p12 file. This installed the certificate in the login section of the Keychain. I read in several places that it must be in the X509Anchors chain in order to work. However, whenever I try to import it or copy it there I can't get past the authentication screen. I give it the password to decrypt the p12 file and that works, but then it asks for a password for the X509Anchors keychain. I'm giving it my login password, but that doesn't work. What am I doing wrong?

  You shouldn't have to do anything with the X509Anchors keychain. The X509Anchors keychain contains certificate authority (CA) certificates, i.e., certificates associated with CA's that sign certificates. In it you'll find various CA certificates for thawte among others.
  After you've successfully imported your thawte cert into your login chain, restart mail (I don't think you need to restart keychain access, but it wouldn't hurt).
  Now when you compose a message, you should see encrypt and sign buttons to the right and below the subject line. This of course assumes the email address configured in mail is the same as the one in the thawte certificate.

• I tried to buy a gift certificate to be e-mailed, and it said "This Apple ID is not currently eligible  to purchase gift certificates" - how come?

  I tried to buy a gift certificate to be e-mailed, and it said "This Apple ID is not currently eligible  to purchase gift certificates" - how come?

  Same problem here and it seems to be a problem that has been occuring, intermittently, for quite a while. I  received the following reply from Apple Support
  "You will receive an email after the matter has been investigated and further information is available."
  As I believe that strength comes in numbers, please open a support ticket:
  http://www.apple.com/support/itunes/

• Mail and SMTP server settings of ASA Certificate Authority for cisco anyconnect VPN

                     Dear All,
  i have the folloing case :
  i am using ASA as Certificate authority for cisco anyconnect VPN users,the authentication happens based on the local database of the ASA,
  i want to issue a new certificate every 72 hours for the users ,and i want to send the one time password via email to each user.
  so what the setting of the mail and smtp server should be ,
  was i understand i should put my smtp server ip address then i have to create the local users again under(Remte VPN VPN--Certificate management--Local certificate authority --Manage user Database) along with their email addresses to send the one time passsword to them via their emails.
  i sent the email manually ,hwo can automate sending the OTP to our VPN users automatically vi their emails?
  Best regards,

  Thanks Jennifer.
  I did manage to configure LDAP attribute map to the specific group policy.
  Nevertheless, I was thinking whether I can have fixed IP address tied to individual user.
  Using legacy Cisco VPN Client, I can do it using IPSEC(IKEv1) Connection profile, where I set Pre-Shared Key and Client Address Pools. Each Client Address Pools has only 1 fix IP address.
  Example: let say my username is LLH.
  Connection Profile for me is : LLH-Connection-Profile, my profile is protected by preshared key.
  Client Address Pool for me is : LLH-pool, and the IP is 172.16.1.11
  Only me know the preshared key and only me can login with my Connection Profile.
  Using AnyConnect, I have problem. User can use any connection profile because I cannot set preshared key for AnyConnect. In that case, I cannot control who can use my Connection Profile and pretend to be me.
  Example:
  AnyConnect Connection Profile for me is : LLH-Connection-Profile, without any password
  Client Address Pool for me is : LLH-pool, IP is 172.16.1.11
  Any body can use LLH-Connection-Profile, login with another user name, let say user-abc which is a valid user in LDAP server. In that case, ASA assign 172.16.1.11 to user-abc and this user-abc can access server which only allow my IP to access.
  I hope above description can paint the scenario clearer.
  Thanks in advance for all the help and comment given.

• Issues with Mail and SMTP and Gmail Accounts

  So this isn't a question....more like a solution that I had to figure out. 
  We have multiple gmail accounts in our family and after upgrading to OSC Yosemite our gmail accounts wen't haywire.  My wife was sending emails that eventually were sent from my gmail account (mass neighborhood emails at that.....and all replies came to me instead of her).  I spent about 2 hours investigating and put together several different threads that finally fixed out problem.  The root of the issue is that you can share the same Incoming Mail Server for all of your gmail accounts and your mail will go to the accounts that it is supposed to go to, but you have to have individual Outgoing Mail Servers for each of your accounts otherwise all outgoing mail will come from one account only.  I don't know why this happened, it is a pain in the butt, but here's how I fixed it with 3 gmail accounts running through 1 mac.    
  1st - you need to remove all of your gmail accounts from mail via Internet Accounts in Settings. Just highlight the account and hit the minus sign at the bottom.  You won't lose anything if you have your gmail settings set to default which backs everything up to Google's servers....it will all load back to you mac and it will all be available online at gmail.com
  2nd - you need to add back all of your accounts one at a time (and follow all of the following steps for each account before adding another).  Select the plus sign and choose Google (for gmail accounts only). 
  3rd - Give your gmail account a recognizable name in the "Name" field (if you have multiple Gmail accounts to add, you will want to distinguish between them).
  4th - type in your username ([email protected]) and password.  Make sure to add the suffix @gmail.com. 
  5th - Check the boxes that you want to add to your mac (mail, contacts, calendars, messages, notes). 
  6th - Click the "Details" button to ensure that you have an adequate description (see # 3 above) if you are going to have multiple gmail accounts to add. 
  7th - Open the Mail app.
  8th - From Mail Preferences/Account Information Tab - make sure that you account is Enabled (check box next to "Enable Account", make sure that you have an adequate description name, email address is correct, Incoming mail server is imap.gmail.com, Username is your normal gmail login username (absent any suffix like .gmail.com), password is your gmail password. 
  9th - Then, from Preferences click on the Advanced tab and....Uncheck "Automatically detect and maintain account settings".
  10th - Then, go back to Account Information Tab and.....from the Outgoing Mail Server (SMTP) dropdown box, select Edit SMTP List....
  11th -  You need to create an individual SMTP Server Account for each gmail account that you plan to add.
  12th - To do this click the plus button.  Server Name should always be smtp.gmail.com.  Type in your own Description (I recommend naming it after the gmail account that you plan to attach it to). 
  13th - TLS Certificate should be "None"
  14th - Click the Advanced Tab - From here, uncheck the box for "Automatically detect and maintain account settings".  Then make sure Port is 587 (default is 25 for some ungodly reason).  Check the box for "Use SSL".
  15th - Set authentication to "Password".  User name MUST contain a suffice (i.e [email protected]).  Password is your normal gmail password. 
  16th - Click OK. 
  17th - Now your back at Preferences/Account Information - Link your account to the SMTP server that you just created by using the dropdown box next to Outgoing Mail Server (SMTP). 
  18th - Save all changes and close out of Mail App. 
  19th - Restart Mail and recheck steps 8-15....for some reason my passwords kept getting erased, but they eventually saved and took. 
  20th - Add another gmail account by following these steps and then recheck all along the way for passwords, suffixes, everything.  You will want to make sure that your accounts are all properly linked to their respective Outgoing Mail Servers (hence the distinct naming descriptions).   
  21st - Once you have added multiple accounts send email between them to make sure that they are being sent from and received to the correct accounts. 

  Wow! Oh my goodness Patrick, thank you so much man. That's a ton of informatiion to take the time to write out step by step and share with strangers.  I really, really am grateful to you.  I've been dealing with this for a month, half the month I kept changing my passwords and kept assuming I was making some mistake.  It used to work fine.  About a week ago I started looking for a solution and couldn't find one that worked. 
  You have changed that sir!  I'm good to go, stress level will lower when I am on my Mac, and I'm so glad to not have all these messages popping back up that I was done with! 
  Muchos Gracias Amigo!  Owe you one...

• Has anyone had recent issues with iCloud mail and Outlook 2011?

  Two days ago without warning when sending an e-mail from Outlook 2011 from a MacBook Pro running 10.8. (Have a .mac account), I had an error pop up, see below.
  Tried entering the password but the same error popped up. Thought there might be an error with the keychain so verified and ran a repair. Still the error continued. I checked that the password was still working and logged into iCloud. I then launched Mac Mail and this worked fine and so also my iPhone / iPad etc. Nothing I did made it possible to send e-maills from my .mac account although I could receive them.
  For the last couple of days I have been using my MacBook AIr for sending mails for the same account via Outlook 2011. This has been working fine all day until 25 mins ago when the same error message popped up on this Mac too. Went through the same set of tests and again Mac Mail works and so does the password.
  Have tried to Google for a solution but can't find anything relevant. Could this be Microsoft trying to cause problems for Apple users, some rogue update, iCloud security certificate issue, or something more sinister. Any suggestions for a fix gratefully received, as currently I can't use Outlook 2011 on either Mac.

  Hi guys!
  I am also having big trouble syncing my iCloud acc. I am able to send email, but i cannot recieve any. I have tried almost everything. I have tried using p01, p02, p99 servers, without solving the problem. I have tryed typing "INBOX" and "/" in IMAP root, still not working. Have anyone got a solution?
  I am using:
  OS X 10.9.1
  Outlook 2011 for mac v. 14.3.8
  I really hope someone has got an answer!
  Sorry the text in the screenshots are in danish. I hope you get the idea anyway.

• Mail and web server on same machine

  hi to all,
  i have jes 4 suite installed on the same machin: uwc runs on port 81 and 443 (secure) and mail can be accessed on:
  https://mail.dom.com
  I want to create a new web instance to host the web content. It will be access at:
  http://www.dom.com
  What needs to be done so that users do not access
  https://www.dom.com as web mail
  and http://mail.dom.com as web server?
  thanks!
  Linda.

  What is on port 80 is the webserver that should host the website.
  What is on port 81 is the webserver instance hosting the webmail. I installed a certificate and created a new LS so that users access the webmail through https. port 81 is firewalled.
  There is no command called 'host' on Solaris. Actually the DNS admin will register www.dom.com and mail.dom.com to have the same IP since mail and web are installed on the same machine.
  The server processes that exist should be the mail processes and the 2 web instances processes. the first instance should listen to port 443 and 81. The second instance should listen to port 80.
  the urls that a user might type:
  https://mail.dom.com
  http://www.dom.com
  http://mail.dom.com
  the last url is what I want to change. Normally this should display the website. I don't want this result. I want to display the webmail page i.e. https://mail.dom.com. If this is not feasible, I want to display a page showing the 2 other urls.
  thanks,

• Using Mail with CaCert certificate won't work

  Hello everybody!
  I have a problem, I can't resolve right now. I have a CaCert.org certificate for my emails. I importetd it to my keyring, where it shows up and is marked as trusted. So no problem till this point.
  Now, when I start Mail and want to write a new mail, I don't get the buttons to sign or to encrypt emails.
  Thanks for your help in advance!

  Huh. Sascha, with apologies, I think this is a case of wanting to answer the question I wanted to ask, not the question you actually asked.
  For signing and encrypting, you need to have imported your personal certificate, and its corresponding private key, into your keychain. If you have done so, it will show up, in the Keychain app under My Certificates and you should be able to verify it as being correctly trusted (by you). This should be in the login keychain.
  Once this is confirmed, you should be able to verify that, when writing a new email, the encrypt and sign buttons appear towards the right of the composition window, right above the composition text:
  This all happens automatically, provided the "From" address for this account is the same as that recorded in your certificate. This is another point you should double-check.
  Finally, note that you can encrypt only to recipients for whom you have a trusted certificate, as recorded in the "Certificates" section of your login keychain.
  Now, I would assume there is a problem with the first part: there being your certificate and private key in the keychain, with the appropriate trust. If you can indicate what seems to be mismatched, we can continue the conversation to help drive a resolution.
  Good luck!
  Bertrand

• Tomcat, servlet, cacerts, client authentication and Thawte...

  Hello all,
  the steps and code samples below (well known to you) work fine for a VeriSign Personal Digital Id trial and a GlobalSign PersonalSign demo certificate. However:
  1) how can I make Tomcat or JSSE use both my default keystore and the cacerts file?
  The VeriSign class 1 root is in this cacerts file, but still I need to import the very same root into my own keystore to accept the client certificate. Also, importing the GlobalSign root into cacerts does not help me; instead I am required to import it into my default keystore.
  I know I can set the keystore parameter in the Tomcat server.xml -- but that does not feel right... When I import a cert using "keytool -trustcacerts" then I get "Certificate already exists in system-wide CA keystore under alias <verisignclass1ca> Do you still want to add it to your own keystore?" This gives me the feeling that the system knows where to find the cacerts file, but Tomcat somehow does not use it...
  2) anyone used Thawte Personal Freemail with Tomcat?
  Even when I import the Thawte root certificate into my own keystore, a Thawte Personal Freemail cert is never accepted. In Internet Explorer, although having three certificates installed, the popup dialog that prompts me to choose one only shows the VeriSign and GlobalSign things. When using "TOMCAT_OPTS=-Djavax.net.debug=all" I see that Tomcat "proposes" all three roots to the client browser:
    *** CertificateRequest
    Cert Types: DSS, RSA,
    Cert Authorities:
    <CN=GlobalSign Root CA, OU=Root CA,
       O=GlobalSign nv-sa, C=BE>
    <OU=Class 1 Public Primary Certification Authority,
       O="VeriSign, Inc.", C=US>
    <[email protected],
       CN=Thawte Personal Freemail CA,
       OU=Certification Services Division,
       O=Thawte Consulting, L=Cape Town,
       ST=Western Cape, C=ZA>
    *** ServerHelloDoneAll details below.
  Thanks,
  Arjan.
  - JDK 1.4 beta. I also have 1.3 installed; I did not try 1.3 with the JSSE extension available at http://java.sun.com/products/jsse/index-102.html
  - JAVA_HOME and PATH are set allright.
  - Tomcat 3.2.1
  Steps taken:
  VeriSign
  - free trial at http://www.verisign.com/client/enrollment
  - export the VeriSign root certificate from the global CA certificates. The password defaults to changeit
  - import the exported root into the default key store
    cd /jdk1.4/jre/lib/security
    keytool -export -keystore cacerts -alias verisignclass1ca -file myverisignroot.cer
    keytool -import -alias myverisignroot -trustcacerts -file myverisignroot.cerAbove, the -trustcacerts is only added to show you the warning I mentioned above...
  GlobalSign
  - free trial at http://www.globalsign.com/secure_demo.cfm
  - get the root certificate at http://secure.globalsign.net/en/trust
  - import the root certificate into the default keystore
    keytool -import -alias myglobalsignroot -file root.cacert
  Thawte
  - free certificate at http://thawte.com/getinfo/products/personal
  - the Personal Freemail root certificate at http://www.thawte.com/certs/trustmap.html
  - import the Personal Freemail root certificate into the default keystore
    keytool -import -alias mythawteroot -file persfree.crt
  Tomcat
  - uncomment the SSL Connector section in server.xml, except for keystore and keypass (the password is still the default, being changeit)
  - to the very same Connector section, add
    <Parameter name="clientAuth" value="true"/>- create a security certificate, as mentioned in server.xml as well. When using JDK 1.4, one does not need to set the classpath or change java.security. So:
    keytool -genkey -alias tomcat -validity 180 -keyalg RSA- to see debug info:
    set TOMCAT_OPTS=-Djavax.net.debug=all- make sure the VeriSign etc. roots are imported
  - restart Tomcat
  - connect to the servlet at port 8443, using https. You will see security warnings because your browser does not know the Tomcat certificate.
  Servlet
  Finally the code, as you may know it:
  import javax.servlet.*;
  import javax.servlet.http.*;
  import java.io.*;
  import java.util.*;
  // For Tomcat: javax.security, not java.security
  import javax.security.cert.X509Certificate;
  import javax.security.cert.Certificate;
  import java.security.Principal;
  // JSSE classes
  import javax.net.*;
  import javax.net.ssl.*;
  public class sslTest extends HttpServlet
    private static final String CONTENT_TYPE = "text/html";
    public void init(ServletConfig config) throws ServletException
      super.init(config);
    private void printCert(PrintWriter pw, Object obj)
      if(obj instanceof Certificate)
        pw.println("<>---------------------------------------<>");
        if(obj instanceof X509Certificate)
          X509Certificate cert = (X509Certificate)obj;
          Principal principal = cert.getIssuerDN();
          pw.println("  Principal Name : " + principal.getName());
          pw.println("  Version        : " + cert.getVersion());
          pw.println("  Serial Number  : " + cert.getSerialNumber());
          pw.println("  Issue DN       : " + cert.getIssuerDN());
          pw.println("  Subject DN     : " + cert.getSubjectDN());
          pw.println("  Not Before     : " + cert.getNotBefore());
          pw.println("  Not After      : " + cert.getNotAfter());
          pw.println("<>---------------------------------------<>");
          pw.println(cert.toString());
        else
          Certificate cert = (Certificate)obj;
          pw.println(cert.toString());
    private void printCertificateDetails(String attributeName,
      HttpServletRequest req, PrintWriter pw)
      Object obj=req.getAttribute(attributeName);
      if(obj instanceof Certificate[])
        if(obj instanceof X509Certificate[])
          pw.println("<h1>Client X509Certificate Chain</h1>");
        else
          pw.println("<h1>Client Certificate Chain</h1>");
        Certificate[] array = (Certificate[])obj;
        for (int x=0; x < array.length; x++)
          printCert(pw, array[x]);
      else if(obj instanceof Certificate)
        if(obj instanceof X509Certificate)
          pw.println("<h1>Client X509Certificate</h1>");
        else
          pw.println("<h1>Client Certificate</h1>");
        printCert(pw, obj);
      else
        if (obj != null)
          pw.println("Client Certificate Attribute "
            + attributeName
            + ", type \""
            + obj.getClass().getName()
            + "\":\n" + obj);
        else
          pw.println (attributeName + " attribute not set");
    /**Process the HTTP Get request*/
    public void doGet(HttpServletRequest req, HttpServletResponse resp)
      throws ServletException, IOException
      PrintWriter pw = resp.getWriter();
      pw.println("<html><head><title>SSL Details</title></head><body><pre>");
      if (req.isSecure())
        pw.println("Got a secure connection.");
      else
        pw.println("This connection is not secure.");
      pw.println("IP address: " + req.getRemoteAddr());
      pw.println("User: " + req.getRemoteUser());
      pw.println("Subject: " + req.getHeader("CERT_SUBJECT")); // null for Tomcat
      pw.println("Issuer: " + req.getHeader("CERT_ISSUER"));   // null for Tomcat
      pw.println("\nAvailable attributes:");
      Enumeration attributeNames = req.getAttributeNames();
      while(attributeNames.hasMoreElements())
        pw.println("  " + attributeNames.nextElement().toString());
      pw.println("\n");
      Object obj;
      obj = req.getAttribute("javax.net.ssl.cipher_suite");
      if(obj instanceof String)
        pw.println("Cipher Suite: " + obj);
      else
        if(obj instanceof String[])
          pw.print("Cipher Suite: { ");
          String[] otherArray= (String[])obj;
          for (int x=0; x<otherArray.length; x++)
            pw.print(otherArray[x].toString() + " ");
          pw.println("}");
        else
          if (obj != null)
            pw.println("SSL Session Attribute javax.net.ssl.cipher_suite, type \""
              + obj.getClass().getName() + "\":\n" + obj.toString() );
          else
            pw.println ("javax.net.ssl.cipher_suite attribute not set");
      obj = req.getAttribute("javax.net.ssl.session");
      if(obj instanceof SSLSession)
        pw.println("SSL session:");
        SSLSession session = (SSLSession)obj;
        pw.println("Cipher Suite: " + session.getCipherSuite());
        pw.println("Peer Host: " + session.getPeerHost());
        pw.println("ID: " + new String(session.getId()));
      else
        if (obj != null)
          pw.println("SSL Session Attribute javax.net.ssl.session, type \""
            + obj.getClass().getName() + "\":\n" + obj);
        else
          pw.println ("javax.net.ssl.session attribute not set");
      // JSSE recommends �javax.net.ssl.peer_certificates� as the attribute name.
      // However, some web servers do not support these generic names. Like the
      // "javax.net.ssl.peer_certificates" is said to work for WebSphere 3.5 but
      // not for Tomcat 3.2.1.
      // "The javax.security.cert.X509Certificate class is similar to the newer
      // java.security.cert.X509Certificate. New applications should use the newer
      // java.security version". However, Tomcat does not support that:
      printCertificateDetails("javax.net.ssl.peer_certificates", req, pw);
      printCertificateDetails("javax.servlet.request.X509Certificate", req, pw);
      printCertificateDetails("tomcat.request.X509CertificateChain", req, pw);
      pw.println("</pre></body></html>");
    /**Clean up resources*/
    public void destroy()
  }

  Heya,
  Well, this is a pretty complete description of the problem, unfortunately I am not able to comment on the Tomcat side of things, but this makes for interesting reading nonetheless.
  One thing I must mention is that the Thawte Personal certs are indeed chained, and the Personal Freemail cert is the intermediate root CA which is in turn signed by the Personal Basic root (the link I have posted to you in your trouble ticket with us.)
  What may be happening is that the Personal Freemail cert is not completing the chain back to the Personal Basic root, and any cert signed with this may not be displayed as the Issuer is in doubt.
  If your Personal Cert has been issued within the last few months it has ben signed by the Personal Freemail 08.03.2000, and many versions of browsers have not got this particular root installed, could you verify that pls? I can send this particular root to you if you would like to test this theory out.
  There should bo no problems with using a Thawte certificate with your particular software, so we should hopefulyy be able to figure somehting out.
  Regards,

• Using 10.5.8 when open mac mail keeps giving Certificate error

  trying to help someone with a mac book
  10.5.8
  when open mac mail keeps giving certificate error.
  checked and everything seems fine with settings
  ssl is not turned on for incoming and outgoing
  not sure what is giving them this error and trying to assist them
  any suggestions would be appreciated

  * Download a new copy of the Firefox program: http://www.mozilla.com/firefox/all.html
  * Trash the current Firefox application to do a clean (re)install.
  * Install the new version that you have downloaded.
  Your profile data is stored elsewhere in the [http://kb.mozillazine.org/Profile_folder_-_Firefox Firefox Profile Folder], so you won't lose your bookmarks and other personal data.

• Reinstall Thawte Certificates

  I am having problems with SSL certificates that cannot be validated because Thawte certificates were not valid. During attempts to fix this I have deleted some Thawte certs with the expectation of being able to re-install.
  How do I reinstall all of the Thawte Certificates to the latest version?
  I have already carried out a reinstall of the App, and a Refresh.
  Mac Firefox v37.0.2 on Intel iMac
  Thanks

  Thank you jscher2000
  It was affecting several web sites that I visit on a regular basis. I used an SSL checker and the sites were correctly configured.
  I then discovered that Thawte Server CA was crossed out in the Keychain Access app, so I deleted and reinstalled with the data-file I downloaded from Thawte’s site as part of the root package.
  Then restarted and things appear to be working okay now.
  Can someone please confirm the standard Thawte certs settings. I notice it has changed from what I had before and now I only see three for Thawte listed under Authorities: Primary Root CA; CA G2; CA G3, with the following serial numbers
  34:4E:D5:57:20:D5:ED:EC:49:F4:2F:CE:37:DB:2B:6D
  35:FC:26:5C:D9:84:4F:C9:3D:26:3D:57:9B:AE:D7:56
  60:01:97:B7:46:A7:EA:B4:B4:9A:D6:4B:2F:F7:90:FB
  Is this okay? Do I need to install anything else to fix this for sure?

• Mail and Twitter not working

  Hi all,
  I'm having issues with setting up my mail and twitter account. I folllowed all instructions for mail but the imap server appears to be offline. Also when I open notification centre and try to tweet, it sends me to system preferences to set up my twitter account. I type my user name and password but it says they're incorrect although I use them to log on the site.
  What do u suggest I do?
  Cheers,
  Z

  Hi Yogiraj,
  Welcome to the Nokia Support Discussions!
  This thread may help you with your concern:
  http://discussions.nokia.com/t5/Asha-and-other-Nokia-Series-30/nokia-asha-306-Certificate-invalid-ac...
  Let us know the outcome.

• In iCal - I keep getting the error message " This calendar was created by Mail" and it will not accept any input; why..??

  In iCal - I keep getting the error message “ This calendar was created by Mail” and it will not accept any input; why..??

  use Disk Utility and Verify Permisions then fix and Verify Disk and fix, this should fix it.