Mail refuses to accept server SSL certificate

Similar Messages

• Mail refuses to accept new certificate

  Hi there,
  I recently acquired a new digital ID issued by our government to replace my certificate from Thawte. The new certificate appears in Keychain Access under My Certificates an the email address in the certificate is exactly the same as the one used in Mail. Unfortunately Mail prefers to use the old certificate which has now expired, so I cannot sign any more messages.
  I tried to delete the old certificate from Keychain, but the problem remains : now Mail says it cannot find a valid certificate for this address although it clearly appears as valid in Keychain... How can I get Mail to use the new certificate ?
  The old certificate also still appears beside my email address in Address Book, although I deleted this certificate !
  Does anyone have the same or a similar problem and a solution ?
  Many thanks in advance,
  Dan

  I'm having a similar problem. Only I've never had a digital signature. I got a Thawte certificate, followed all their instructions but Apple Mail doesn't recognize it. I've tried every forum solution for the last two days, without any luck.
  Currently the certificate is in the System part of the Keychain. And it's showing up in both the Certificates and My Certificates sections. I've also tried variations of this setup. Nothing seems to get Mail to recognize the thing.

• Can't access Exchange ActiveSync server - SSL certificates not being used

  When I try to set up my email via Exchange ActiveSync to a corporate server, I am unable to connect. I am using the same exact settings as on an iPhone, where I am able to successfully connect.
  Reading the console log in the iPhone configuration utility, the problem appears to be that the iPad is not using the corporate certificates I have installed to enable SSL access to the Exchange server. These certificates are installed in the exact same way they are on my iPhone, where they work correctly.
  Has anyone else had a similar problem accessing Exchange mail using SSL certificates? Any ideas on how to fix this? Or is this a bug in the iPad software?

  IM having the same problem. iPhone works fine on exchange atvwork but iPad with same settings says cannot connect to exchange server. Have you figured anything out yet?
  Tom

• Office Web Apps Server SSL Certificate

  Hi
  I am deploying Office Web App Server for Integration with Lync 2013. I opted for secure communication with SSL Certificate. I want this server available to internal and external users.
  I am little confused over CA for Issuance of SSL Certificate. On most of the forums, I found SSL Certificate to be issued by Internal CA. If so, will this also work for external users?
  If not, then plz guide me for Generating Certificate Request on Office Web App Server to be submitted to External CA for Issuance of Certificate.
  Regards.

  Hi,
  Thanks for your posting in this forum.
  I have moved this thread in Lync Server 2013-Management, Planning, and Deployment forum for more dedicated support.
  Thanks for your understanding.
  Best Regards,
  Wendy
  Wendy Li
  TechNet Community Support

• SQL Server SSL Certificate

  Hi All,
  I am slowly getting to the bottom of applying SSL throughout my project but am stuck in the current situation and I need help please..
  Project is a Java servlet running on Windows. Java 1.6 and Tomcat 7 but connects to a SQL Server database and an Oracle database (running on unix). We have a keystore set up successfully on the servlets' server with root, intermediate certificates etc
  that successfully encrypts the connection to Oracle. The server team maintaining the server hosting the SQL Server database have supplied me with an SSL certificate, I am told is for accessing the SQL Server database. I am assuming it is a public key certificate.
  I am trying to apply this certificate to encrypt the network traffic to the SQL Server database. I have attempted to import the certificate into the keystore mentioned above using the Java keytool but this does not work so I deleted the certificate from
  the keystore again. I found the URL below which I have followed to install the certificate through MMC but cannot find how to now force Tomcat to encrypt the network traffic.
  http://support.microsoft.com/kb/316898
  Can someone please tell me what I am missing here please? There is loads of guidance on setting up keystores with root and intermediate certificates etc, but I cannot find any guidance on what to do in Tomcat to use a single provided SSL certificate. Do
  I use the Java cacerts file and import the certificate in there?
  Thanks in advance
  Regards
  AJF

  Hi SQL Team - MSFT
  Thank you for your response.
  I have been looking at this further.  I have only been given one SSL certificate which I am assuming because it has a file format of ".cer" it is the public key for the certificate on the server hosting the SQL server database.  For this to work
  they way we want, the "clients" will not have SQL Server Configuration Manager installed, but instead will have the SSL certificate mention above stored in a Keystore set up with the "Keytool" in the Java JRE.
  I am unsure how the guys who manage the server hosting the SQL server database have set up the SSL certificate, i.e. if they have set up a root and intermediate certificate etc.  I am currently trying to get information out of them (They are not
  located immdiately near my location).  I have a funny feeling they have not set up the SSL at their end correctly, and I am wondering if they have just imported into the servers browser, the same public key certificate they forwarded to me.  When
  you say "you have to first export the Trusted Root Certificate Authority from the server and import this to the client", what part of the SSL certificate(s) do you mean?
  Do you mean the Certificate Authority root certificate and I have to import that into the client as well as the public key certificate?
  I look forward to you next feedback.
  Regards
  Alanjo

• Snow Leopard Server - SSL Certificate Issue

  Hi. I am hoping someone can shine some light into an issue I am currently experiencing with SSL Certificates on the Snow Leopard Server which hosts out websites. This past weekend an SSL certificate pertaining to our primary domain expired which caused users to receive error messages prior to accessing the website ... the error message stated "the site's security certificate has expired!"
  I have since renewed the certificate via networksolutions.com and applied it on the Mac server. The certificate was applied successfully and i have added the certificate the sites along with restarting the apache to take in the settings. However, the certificate is not propagating out at all. I have also restarted the mac server as well in case there was something in the cache causing issues but unfortunately, the issue still exists.
  I have also removed the certificate entirely and reapplied it from scartch to make sure the original certificate wasn't causing any issues.
  Has anyone else incurred a similar issue or would anyone have any insight on how to possibly resolve the issue?
  Thank you!

  Just a quick update. the DNS seems fine but I am getting errors in the logs as follows.
  May 12 09:37:34 server jabberd/sm[2084]: version: jabberd sm 2.1.24.1-326.5
  May 12 09:37:34 server org.jabber.jabberd[2082]: ERROR: router died. Shutting down server.
  May 12 09:37:34 server com.apple.launchd[1] (org.jabber.jabberd): Throttling respawn: Will start in 10 seconds
  May 12 09:37:34 server jabberd/sm[2084]: attempting connection to router at 127.0.0.1, port=5347
  May 12 09:37:34 server jabberd/sm[2084]: shutting down
  May 12 09:38:45 server jabberd/sm[2167]: version: jabberd sm 2.1.24.1-326.5
  May 12 09:38:45 server jabberd/sm[2167]: attempting connection to router at 127.0.0.1, port=5347
  May 12 09:38:45 server jabberd/sm[2167]: shutting down
  May 12 09:38:45 server org.jabber.jabberd[2165]: ERROR: router died. Shutting down server.
  May 12 09:38:45 server com.apple.launchd[1] (org.jabber.jabberd): Throttling respawn: Will start in 10 seconds
  I checked the the crash report which has the follow kernal issue.
  Exception Type: EXCBADACCESS (SIGBUS)
  Exception Codes: KERNPROTECTIONFAILURE at 0x000000010011adb0
  Crashed Thread: 0 Dispatch queue: com.apple.main-thread
  Any ideas?

• Mail refuses to accept any mails if i turn spam/junk filter on! Why?

  Seems like something is wrong with my spam/junk filter.
  Im running a mac os x server 10.6.2. By the look of it the server tries to speak with something on port 10024 but gets no contact which makes it stop any e-mails.
  Someone made a suggestion that Amivis might be turned off but when reading the docs i found no additional information on how to turn it off besides using the enable buttons in Server Admin.
  Any help is welcome!

  May I ask why? Have you learned that that specific problem is solved in a pre-release version? So far I've upgraded once on your advice, now I've upgraded again to 31. Problem's still there. Unless I'm told that the problem's been solved for sure in a latter version, I'm not going to upgrade because sometimes the upgrades bring problems w/them for a low tech user. I don't want to chat, etc., I just want to be able to send and receive e-mails.
  I'm still working with the security software people re: some continuing issues w/FF.
  I'd like to spend more time doing my work, or communicating w/friends, not dealing w/software problems.
  Is there anyway of my finding out what, if any update, includes whatever is needed to solve my specific problem? I use Win7 Pro, SP1, 3.40 Gz processor, 3.19 Gb usable RAM, 64 bit OS. I don't know what other information is needed.

• OS X server  SSL Certificate Edit button missing

  Hello,
  Just purchased a mac mini server with Mountain Lion server preinstalled.  The initial setup with the wizard went smooth and have open directory setup and look good.  When I went to connect to it with my macbook it gave me a SSL missing warning.  Searches on the internet point to a SSL edit button under settings.  For some reason it does not show up when I go to that location.  Searched through the entire interface but i'm unable to find it.  Can someone show me where I went wrong?
  Thank you in advance

  Hi All,
  Aparently the answer lies within apache and a troublesome httpd.conf file, try this to get your button back.
  Quit server.app
  Go to Terminal:
  cd /etc/apache2
  sudo mv httpd.conf.default httpd.conf
  sudo apachectl graceful
  Start server.app
  Presto!
  Goodluck
  Jeffrey

• Portable class library - SSL certificate ignore support.

  Hi,
  We are developing mobile based project targeting to windows and ios platform. 
  1. Project has portable class library that is been shared among all this platforms.
  2. We have asp.net web api services for data provider hosted on server with http and https (ssL) enabled. 
  3. We are successfully able to call web api methods using System.Net.HttpClient in portable class library and data is provided by the utility helper methods to all platforms. 
  4. Now based on the specific requirement we have to utilized https enabled service and we have to switch to ssl enabled call. 
  5. Based on my research over internet "ServicePointManager.ServerCertificateValidationCallback" is one we can use in .net native framework libraries but not available for portable libraries. 
  If anyone can help in this area that how can we make https call from portable class library.
  Thanks in Advance,
  Brajesh patel

  Hello Brajesh,
  As far as I know, in these currently released PCL, there seems to be no way to use the SSL certificate for http request.
  My suggestion is that you could invite your friends or colleagues to vote this idea in below link(someone else already psot this request to the team):
  http://visualstudio.uservoice.com/forums/121579-visual-studio/suggestions/4784983-support-server-ssl-certificate-chain-inspection-in
  With the increase of the the voice number, this priority of this idea would be improved.
  Regards.
  We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
  Click
  HERE to participate the survey.

• Accepting runtime-specified SSL certificates in WebLogic 11g

  Hi all!
  In our application we need to call several Web Servervices based on URL's and trusted SSL certificates that are stored in database. Those certificates are self-signed but we cannot add them in the WebLogic truststore (we only want to accept them for those specific web service calls). This is 2-way SSL but our server refuses the remote certificate.
  What is the right way to do this?
  In WebLogic 10g we used to do the following:
      WlsSSLAdapter adapter = new WlsSSLAdapter();
      try {
          // setup for client certificate
          adapter.setKeystore(…);
          adapter.setClientCert(…);
          // setup for accepting the remote certificate
          adapter.setTrustManager(new TrustManager() {
              @Override
              public boolean certificateCallback(X509Certificate[] paramArrayOfX509Certificate, int paramInt) {
                  return paramArrayOfX509Certificate[0] == expectedCertificate;
      } catch (Exception e) {
          throw new RuntimeException(e);
      ((weblogic.wsee.jaxrpc.StubImpl) servicePort)._setProperty(weblogic.wsee.jaxrpc.WLStub.SSL_ADAPTER, adapter);However in WebLogic 11g it appears that even if the <tt>TrustManager</tt> is called (which we checked by using a debugger), WebLogic refuses the certificate:
  <validationCallback: validateErr = 16>
  <  cert[0] = Serial number: 9232073310112809071929676484517784211
      Issuer:C=US, ST=MyState, L=MyTown, O=MyOrganization, OU=FOR TESTING ONLY, CN=mestoudi2
      Subject:C=US, ST=MyState, L=MyTown, O=MyOrganization, OU=FOR TESTING ONLY, CN=mestoudi2
      Not Valid Before:Tue Nov 01 14:33:31 CET 2011
      Not Valid After:Sun Nov 02 14:33:31 CET 2031
      Signature Algorithm:MD5withRSA
      >
  <weblogic user specified trustmanager validation status 16>
  <Certificate chain received from mestoudi2 - 10.142.0.23 was not trusted causing SSL handshake failure.>
  <Validation error = 16>
  <Certificate chain is untrusted>
  <SSLTrustValidator returns: 16>
  <Trust status (16):  CERT_CHAIN_UNTRUSTED>
  <NEW ALERT with Severity: FATAL, Type: 42
      java.lang.Exception: New alert stack
        at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
        at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
        at com.certicom.tls.record.handshake.ClientStateReceivedServerHello.handle(Unknown Source)
  …I think the first difference occurs on the line "+weblogic user specified trustmanager validation status 16+" where in WebLogic 10g the value was 0 instead of 16.
  If we check "Use JSSE SSL" in the WebLogic administration console (which switches the implementation to com.sun.net.ssl instead of com.certicom.tls), the <tt>TrustManager</tt> is not called at all.
  We also tried to configure the <tt>TrustManager</tt> by implementing a <tt>javax.net.ssl.X509TrustManager</tt> that we set on a <tt>weblogic.wsee.connection.transport.https.HttpsTransportInfo</tt> passed to the stub using
  ((weblogic.wsee.jaxrpc.StubImpl) servicePort)._setProperty(TRANSPORT_INFO, transportInfo);But it is not called either – however it works for setting up a proxy for example. We are generating the stubs using the clientgen Ant task (<tt>weblogic.wsee.tools.anttasks.ClientGenTask</tt>).
  We are a little bit stuck, any idea of what we should do? Is the WebLogic 11g behavior a regression or is there something else we should configure to get back the old behavior?

  Hello,
  Weblogic has two keystores : identity (if you are doing 2 ways SSL) and trust. you should import your "external" certificate in the "trust" key store.
  look at your server config to know your config : Home >Summary of Servers >AdminServer-->configuration-->keystore
  I suggest that you change the default configuration (not using the demo one),
  then when you know where is yo key store use the command line to add your certificate to trusted store (this is a example) :
  opt/weblogic10_3_3/jdk160_18/jre/bin/keytool -import -noprompt -trustcacerts -alias BLCCertificateAuthority -file cacert2035.pem -keystore /opt/weblogic10_3_3/jdk160_18/jre/lib/security/cacerts
  once your certificated is added to your trust store it should work.
  I hope it will help.

• Expert advice needed: Why could I not connect to my own server after deletion of SSL certificate?

  Issue: Could not connect to my own server after deletion of SSL certificate despite having SSL disabled
  Hello,
  I admit I am lay user with rudimentary SSL knowledge and I therefore messed up my certificates and I could no longer access my own server (Wikis, WebDav, Device Manager) with Safari. (error: Safari can't connect to server)
  Eventually, I could resolve the problem but I do not understand why there was problem in the first place.
  Maybe someone can explain that to me ?
  OK, here is what I did:
  I created a Certificate Authority because I wanted to use a free SSL Server certificate for our private server.
  (I followed  http://www.techrepublic.com/blog/mac/create-your-own-ssl-ca-with-the-os-x-keycha in/388 )
  Despite several attempts I never got the server to accept the certificate for web services, the certificate was accepted for iCal, Mail and iChat but not for Web services. I tested an older certificate that was created when I set up the server and that that worked for all services incl. Web. So the problem was with my certificate only.
  Out of desperation and lack of concentration I deleted the "original" certificate.
  Now, I soon noticed that I could no longer log in to my server. I solved the problem by restoring the original certificate.
  My question:
  I had SSL disabled in the Server app settings. Why does Safari still look for a proper certicate ? (the server logfile had an entry that a .pem file could not be found which makes sense if the cert has been deleted)
  I would be very grateful for an expert advice.
  Regards,
  Twistan

  Because....
  the server does not have a 'trusted' certificate assigned to it.
  Only the RDP Gateway has the trusted certificate for the external name.
  If you want to remove that error, you have to do one of the following:
  Make sure your domain uses a public top level domaim, and get a public trusted certificate for your server.
  So, something like,
  server.domain.publicdomain.com
  Or,
  Install that certificate on your remote computer so it is trusted.
  Robert Pearman SBS MVP
  itauthority.co.uk |
  Title(Required)
  Facebook |
  Twitter |
  Linked in |
  Google+

• E-Mail Setup fails with self-signed SSL certificat...

  Hi, one of my e-mails is with a small provider who just moved the mail server to Imap and SSL. In Thunderbird, everything works fine, setup on my Nokia C-6-fails with an unspecific error message (and trows away the settings). I asked the provider, and it seems that the problem comes up because the Nokia e-mail application doesn't asked me if I want to accept the certificate but instead rejects it. Is there a workaround to this problem? Is there a way to setup the mail account without using the wizard? Or to take over the settings from Thunderbird? Or a way to put the certificate in the right place manually? In Opera mobile I have no trouble with self-signed SSL certificates. Thanks Cave

  Any one around who can help? Self-Signed certificates are rather common, after all. I would be grateful cave

• Exchange Server Affected by SSL Certificate Organization Name Change

  We recently underwent a name change of our company. We added a few new domain names for the new company to our Exchange Server 2007 and updated our address policy to include them and everything seemed to work okay for a while.  We subsequently reissued
  the SSL Certificate for our Exchange Server under the new organization name (per the CA's recommendation) .  Shortly thereafter we experienced all sorts of issues necessitating a rebuild of our Exchange Server.  Is there any dependency between
  the organization name in an SSL certificate and the organization name that Exchange Server stores it's info under in Active Directory (which still had the old name) that would cause Exchange to go haywire?

  Hi,
  Please confirm you were creating a new domain in your AD or creating an accepted domain in Exchange server.
  If you directly create an accepted domain in Exchange, the new domain would be
  considered authoritative when the Exchange organization hosts mailboxes for recipients in this SMTP domain. We don’t need to create a new Exchange certificate for this new accepted domain because the
  SRV records can be used to connect to Autodiscover service. And the Exchange services URLs are not changed and they can still be authenticated by the original certificate (mail.domain.com, autodiscover.domain.com).
  Certainly, we can reissue a new Exchange certificate, please make sure the new Exchange certificate has included all needed namespaces for your Exchange server such as:
  Mail.domain.com, autodiscover.domain.com, autodiscover.newdomain.com
  We can also run Get-ExchangeCertificate | fl to check it.
  Regards,
  Winnie Liang
  TechNet Community Support

• Re: Mail for Exchange and SSL certificate

  I think this is what you need to do
  1. go to the page from where you have to install certificate
  2.You will see lock symbol at the right hand side of the page, click on it and save it on your desktop PC by going to details page
  3. Open Nokia PC Suite --> FileManager and trasnfer the certificate from your PC to FileManager
  4. Click on the certificate inside FileManager and install it, while installing allow it to choose its place automatically
  Then try synchronising your mail, you ill receive it for the first time when you connect then it wont ask you for that again till you connect next time.
  Hope this helps

  Here's how I got my Nokia to accept the certificate as trusted. It may not work for everybody but it worked for me and after the past week of messing about I am truly grateful for that...
  Basically, I uninstalled then reinstalled Certificate Services through add/remove programs. I then followed the advice on this site (below), but only as far as requesting a cert through IIS Manager.
  http://www.msexchange.org/tutorials/SSL_Enabling_OWA_2003.html
  I followed the advice until this section (mainly because it wouldn't allow me to request a cert through IE on the server...)..
  "Getting the Pending Request accepted by our Certificate Authority"
  I then opened "certification authority" on the server (through administrative tools) and right clicked the cert authority which will have the same name as the cert you had just requested and selected properties. In my case, something like mail.mydomain.co.uk...
  Under the General Tab I highlighted "certificate#0" in the CA Certificates box and clicked "view certificates".
  This opens the cert and I then clicked the "details" tab and saved the cert to a location using the "copy to file" button.
  Using the wizard I selected the first option "DER encoded binary x509(.cer) gave it a friendly name, saved it somewhere handy and closed the wizard.
  I then copied the file onto a pc with the Nokia PC Suite installed and copied it to the documents folder (although any one will do). I guess you could bluetooth or email the cert as well..
  I then browsed to it on the phone, clicked on it and it let me save it automatically into the certs folder. I restarted the phone, checked SSL was on and bingo the certificate was trusted and remains working today... You might have to delete an existing cert if you already have one installed as it won't let you overwrite it..
  As I say, I can't say this will work for anybody else as I have probably fiddled around with the server so much it has gone west in some respects, but it works for me and that'll do for now...
  dc

• Ssl certificate problem under lion (mail,safari)

  Hello,
  After a timemaschine backup recovery to my imac (mid 2010) lion os x 10.7.1 there is a strange behavior with ssl certificates in mail and safari !
  Every time mail starts new it ask me to trust my mobile.me ssl certificate, what i do of course, but at the next start it appears again, same for ssl websites in safari every time a ssl popup to accept...
  What i have done til now:
  Repair permissions
  drag the ssl certificate icon in the popup to the desktop and accept it manually
  keychain utility edit all these ssl certificate and accept manually
  mail:reenter account passwords accept ssl certificate again
  reset keychain
  this behavior appears at all account on the imac
  ssl certificate are marked in the keychain utility as trusted
  now I'm at the end of my knowledge....
  can anybody please help, please !
  Thanks
  Tobias

  Hi Simon,
  As suggested by “TP” check where the certificate is stored. The certificate must be installed in the personal certificate of the computer account and not your personal account. Also you can check by running below command in command prompt to check
  where the issue is going wrong as stated by “Alan” in this thread.
  certutil -f –urlfetch -verify <your_certificate>.cer
  In meanwhile, also go through beneath link for more information.
  1.  How to Import a Server Certificate
  2.  Exporting/Importing SSL Certificates Between Windows Servers
  Hope it helps!
  Thanks.
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.