Profiles, Certificates, Mail, and SSL

Strictly speaking, I have an iPod Touch 32G with iPhone software 2.2 (5G77a) for this problem. Expect my problem is exactly the same as for an iPhone.
iTunes synced my email account information just fine for a work POP3 account, work Exchange account, and gmail via IMAP. But not for my personal FreeBSD-hosted IMAP account which uses Dovecot and a self-signed certificate generated with the script provided in Dovecot.
Have been using this configuration for years with Mail.app. Every year I generate a new certificate and prior to MacOS 10.5 used to move it into "X509 Anchors" or some similarly named place with Keychain Access.app.
First problem resolved was my FreeBSD machine was named "opus.local" in my DNS. Tcpdump showed the iPod was trying to find it via mDNS. Reconfigured my internal DNS server to use .home rather than .local. Had to make new certificate for Dovecot and reconfigure Mail.app on my Mac Pro.
Now dovecot complains to FreeBSD's /var/log/maillog that the iPod connected via TLS but "Aborted login (no auth attempts)". The iPod says "Cannot Get Mail: The connection to the server "opus.home" failed." Tcpdump shows dovecot sending the certificate. The console in iPhone Configuration Utility only says:
Wed Dec 24 21:55:18 unknown MobileMail[37] <Warning>: ERROR: The connection to the server "opus.home" failed.
So after much study I have created a profile and "Shared" it using iPhone Configuration Utility version 1.1. Put my .cer in Credentials, emailed it to a working account, then the iPod complained about not having a Mail profile and rejected the whole thing.
Made a profile including mail with IMAP via SSL on port 143. iPod installed this one. Didn't work. Viewing the profile on the iPod showed port 993 was selected, not 143, and being a profile it was locked against change.
Tried emailing the .cer file only. That succeeded in installing a certificate after deleting the previous profile. The iPod created a profile which only has my certificate, but is still not communicating with dovecot on opus.home.
Watching the communication with tcpdump the two exchange a good number of small packets before the iPod gives up.
My self-signed certificate is RSA with a 128 byte public key (1024 bits).
What am I doing wrong?
Message was edited by: David Kelly1

Worked on this for weeks before posting. So after posting the above I disabled SSL on the mail account on the iPod. Enabled "PLAIN" authentication in Dovecot for non-encrypted sessions. And was able to download email.
Then I went back and re-enabled SSL. Checked email and finally got the message about the certificate possibly not secure (its self-signed).
Disabled the non-encrypted PLAIN in Dovecot, and everything still works!
There is something about iPhone 2.2 software that doesn't work with a self-signed certificate until after some traffic has moved through the account.

Similar Messages

  • Problems with Apple Mail and SSL SMTP

    All of a sudden I'm having trouble sending mail through SMTP when using SSL on port 465.
    No other mail clients (Outlook, Thunderbird, Entourage) have the problem.
    It was working then quit.
    I'm scratching my head. Any ideas?
    Regards,
    Rob

    Try using a different use account on your computer. If that works, then you know it is a problem with some config files. If so, then move /Users/yourusername/Library/Preferences/com.apple.mail.plist to your Desktop. Restart mail and put in settings. Ideally, it should then work. Good luck!
      Mac OS X (10.4.6)  

  • Mail and SSL IMAP (Also iPhone)

    Just recently got my phone, and love it, especially the email since I've got IMAP and the mailbox syncing is very very nice. However, I noticed that when I originally set up my email account (through my hosting and domain account at hostmonster.com) Mail had an issue with redownloading and syncing folders throughout the mail account. This appears to only be an issue with SSL logging in (which uses a different incoming and outgoing address) because when SSL isn't set up, the folders sync well; I can check email on my iPhone, move it or delete it, or just read it and Mail does the exact same thing when I get home and open Mail.
    So, two things about this:
    -Does Mail just not like IMAP connection through SSL? (I deleted the account and tried again in the Mail preferences with the same results)? The iPhone which used the same settings (until it was synced I presume) worked fine using SSL over wifi or EDGE.
    -Does iPhone change the settings when it's updated? Although it's not entirely necessary at this point, I'd like my email to have some form of encryption over networks, especially free open ones.
    Or, is it just some anomaly possibly with domain/hosting/email provider?

    Nevermind, it seemed to have corrected itself. I noticed that an outgoing server for Gmail was being used on Mail, and that might have confused it, so I reset it and things seem to work fine now.

  • Mail and SSl can not send  email

    I am having a problem with sending mail in 10.7.3 and mail 5.2
    The email account is a pop3 account.  It worked fine for a long time.Last week it started to fail to send outgoing emails
    I have deleted the account and added it back. Also have deleted the outgoing mail server.(when you delete a mail account it doesn' automaticly
    delete the out going mail server)
    I have another computer with the same email account and it works fine
    Finally I unchecked use SSL and The account can now send emails.
    User name and password are set correctly.
    I talked to apple and they are blaming it on Frontier.
    I have read other posts here about ssl problems with 10.7.2 and Imap accounts

    ** Mac Mail Set-up Assistant
    http://www.apple.com/support/macosx/mailassistant/

  • Mac Mail and SSL

    Hi, I'm sure this may have been answered before, but I can't find what I'm looking for. I use Mail.app to view my Gmail inbox and to send email from my Gmail account.
    I'm not sure about the SSL part, though. Does anyone know for sure that the moment I press send on Mail.app, the email is encrypted to Gmail's mail servers and then sent on its way.
    So, for example, can I safely send mail from Mail.app in a public WiFi area and be sure that it's encrypted? Is there a default option in the settings of Mail.app, or do I need to do something special?
    Also, when Mail.app downloads mail over IMAP, is that encrypted too?
    Thanks a lot,
    mark

    Thanks. I guess it's not just mine.
    If you figure out what's happening let me know!
    Thanks again!

  • BTYahoo premium mail and SSL

    HI,
    I have a BTYahoo Premium email account which I pay £1.50 a month for.
    Should I be able to connect to mail.btinternet.com via SSL?
    I have changed the settings to 465 and 995 for SSL in my outlook client but get the following error:
    socket error 10061, error number 0x800CCC0E
    I also have a gmail account setup in outlook which connects using these ports so I know I can send and receive using them.
    TIA

    vastre wrote:
    Should I be able to connect to mail.btinternet.com via SSL?
    Sadly, no.

  • Mac Mail and SSL port settings

    Since upgrading to Yosemite my Mac Mail changes port setting from 995 to 110 (I use SSL). This happen 2 or 3 times a week.  When this happens I can't download emails. I have to change them back. Please help to make my setting permanent.
    OS X 10.10.1 (14B25)
    MacBook Pro (Retina, Mid 2012)
    MAIL Version 8.1 (1993)
    regards...
    Model

    For Mac Mail do the following to edit your port numbers...
    Once in Mail choose Mail | Preferences...
    Click on Accounts
    For Outgoing Server Change do the following
    Choose the account you want to edit, then click on "Account Information"
    Next to Outgoing Mail Server (SMTP), there is a drop down.  Choose "Edit SMTP Server List..."
    Click on the Outgoing Server name, then click on "Advanced"
    Choose "Custom Port", then type in 465
    Clck on "Use Secure Socket Layers (SSL)
    Click "OK"
    For incoming Server Change Do the following:
    Choose the account you want to edit, then click on "Account Information"
    Click on "Advanced"
    at bottom, change "Port" to 995
    Click on "Use SSL"
    Once Done you will be prompted to save

  • Mail and On My Mac folders

    Hello Everyone, this happened to a colleague of mine and I dont want it to do the same to me but I need to carry out the same task. I only have one IMAP mail account in mac mail, the task is to delete this account and reset it up using the new server + settings. when my colleague deleted his account, it also deleted all his "On My Mac" folders and therefore all his saved emails.
    Is there a way a can disassociate the "On My Mac" folders from the IMAP account so they stay where they are when I delete the account or do I have to go through and save them all to a separate folder to reintegrate them when the new account is set up?

    You can always go into your user profile Library Mail and copy out the folders of the mail that’s on your Mac ignoring the IMAP folder.
    Once you have done that you can then delete and re-create the account. Once all that is done put the folders you copied out back in the mail folder, then you need to delete the Envelope Index file in the mail folder. By deleting the Envelope Index file mail will be forced to re-index all your mail again on the first time you open mail.

  • Re: Mail for Exchange and SSL certificate

    I think this is what you need to do
    1. go to the page from where you have to install certificate
    2.You will see lock symbol at the right hand side of the page, click on it and save it on your desktop PC by going to details page
    3. Open Nokia PC Suite --> FileManager and trasnfer the certificate from your PC to FileManager
    4. Click on the certificate inside FileManager and install it, while installing allow it to choose its place automatically
    Then try synchronising your mail, you ill receive it for the first time when you connect then it wont ask you for that again till you connect next time.
    Hope this helps

    Here's how I got my Nokia to accept the certificate as trusted. It may not work for everybody but it worked for me and after the past week of messing about I am truly grateful for that...
    Basically, I uninstalled then reinstalled Certificate Services through add/remove programs. I then followed the advice on this site (below), but only as far as requesting a cert through IIS Manager.
    http://www.msexchange.org/tutorials/SSL_Enabling_OWA_2003.html
    I followed the advice until this section (mainly because it wouldn't allow me to request a cert through IE on the server...)..
    "Getting the Pending Request accepted by our Certificate Authority"
    I then opened "certification authority" on the server (through administrative tools) and right clicked the cert authority which will have the same name as the cert you had just requested and selected properties. In my case, something like mail.mydomain.co.uk...
    Under the General Tab I highlighted "certificate#0" in the CA Certificates box and clicked "view certificates".
    This opens the cert and I then clicked the "details" tab and saved the cert to a location using the "copy to file" button.
    Using the wizard I selected the first option "DER encoded binary x509(.cer) gave it a friendly name, saved it somewhere handy and closed the wizard.
    I then copied the file onto a pc with the Nokia PC Suite installed and copied it to the documents folder (although any one will do). I guess you could bluetooth or email the cert as well..
    I then browsed to it on the phone, clicked on it and it let me save it automatically into the certs folder. I restarted the phone, checked SSL was on and bingo the certificate was trusted and remains working today... You might have to delete an existing cert if you already have one installed as it won't let you overwrite it..
    As I say, I can't say this will work for anybody else as I have probably fiddled around with the server so much it has gone west in some respects, but it works for me and that'll do for now...
    dc

  • Certificate Based Authentication and SSL

    To whom it may concern,
    I have installed SJES on Solaris 9 x386 (intel version). Everything is running fine, the mails are also coming and going.
    Now, I need Certificate based authentication and SSL. I have downloaded versign.com trial certificate and have install it succesfully in the Messaging Server Console -- > Manage Certificates. The certificate is also visible in its tab.
    Next, I followed the documentation and enable ssl by using ./configutil utility. And also restarted the server.
    I am running my Messenger express (http) like this :
    http://testing.xyz.com:8100
    (I am using port 8100 for http access to mails). After restarting the mail server, I tried :
    https://testing.xyz.com:8100 also,
    http://testing.xyz.com:443 also,
    https://testing.xyz.com:443 also,
    but I cannot see the login page of the mail server. All the above mention url i tried and just given error "the connection was refused when attempting to contact testing.xyz.com. I CAN ONLY SEE THE LOGIN PAGE WHEN I WRITE THE OLD HTTP ADDRESS: i.e. http://testing.xyz.com:8100
    And I also checked the logs and the server is having no problem in starting and there is not a single word regarding SSL enabling in the logs.
    Please help me out, it's really a strange behaviour. I am using SunONE Messaging Server 6.0.
    Thanking you,
    Farhan Ahmed,
    System Engineer
    Dubai, UAE.

    Dear jay,
    I am pasting a line from imap and http logs ... i don't know what this error means and how to resolve it.
    [29/Dec/2004:14:42:45 +0100] testing imapd[888]: General Error: SSL initialization error: ASockSSL_Init: couldn't find cert Server-Cert (-8183)
    strange thing is that my certificate name is lowercase server-cert and also i can see in the GUI console the certificate name as lowercase and I have also set this parameter encryption.rsa.nssslpersonalityssl = server-cert (all lowercase), but the error in the log tells it as "Server-Cert" !!!! though it is "server-cert"
    i got this line from the http log:
    [29/Dec/2004:14:42:47 +0100] testing httpd[894]: General Error: SSL initialization error: ASockSSL_Init: couldn't find cert Server-Cert (-8183)
    I haven't missed the sslpassword.conf file step. I have placed the same password which i provided while generating the certificate request in the GUI.
    Help me out what this errors means and how to resolve them. I have also copied the cert7.db and key3.db to /opt/SUNWms*/config directory from the /var/opt/mps/serverroot/alias
    Thanking you,
    Farhan Ahmed,
    System Engineer,
    Dubai Internet City, Dubai, UAE.

  • Mail gives certificate warning with SSL off

    Since upgrading to Yosemite, every time I open Mail I get a Server Certificate warning for each mail account even though I have SSL off for them.
    At first I couldn't turn SSL off, each time I unchecked the SSL box and saved then went back in it was checked again. I then realised there was an additional checkbox in the Advanced section for Allow Insecure Authentication which kept the non-SSL settings. However, even though SSL is off for all four of my mail accounts I still get the warning about the server certificate each time I start Mail and it check the mailboxes for the first time.

    Hi
    Similar issue with Mail 'allow insecure authentication'. It keeps unchecking itself on restart, screen saver log out etc.
    The mail account is SSL but at the server end so doesn't need SSL in the Mail app.
    Might try with it on anyway...
    D

  • Mail and SMTP server settings of ASA Certificate Authority for cisco anyconnect VPN

                       Dear All,
    i have the folloing case :
    i am using ASA as Certificate authority for cisco anyconnect VPN users,the authentication happens based on the local database of the ASA,
    i want to issue a new certificate every 72 hours for the users ,and i want to send the one time password via email to each user.
    so what the setting of the mail and smtp server should be ,
    was i understand i should put my smtp server ip address then i have to create the local users again under(Remte VPN VPN--Certificate management--Local certificate authority --Manage user Database) along with their email addresses to send the one time passsword to them via their emails.
    i sent the email manually ,hwo can automate sending the OTP to our VPN users automatically vi their emails?
    Best regards,

    Thanks Jennifer.
    I did manage to configure LDAP attribute map to the specific group policy.
    Nevertheless, I was thinking whether I can have fixed IP address tied to individual user.
    Using legacy Cisco VPN Client, I can do it using IPSEC(IKEv1) Connection profile, where I set Pre-Shared Key and Client Address Pools. Each Client Address Pools has only 1 fix IP address.
    Example: let say my username is LLH.
    Connection Profile for me is : LLH-Connection-Profile, my profile is protected by preshared key.
    Client Address Pool for me is : LLH-pool, and the IP is 172.16.1.11
    Only me know the preshared key and only me can login with my Connection Profile.
    Using AnyConnect, I have problem. User can use any connection profile because I cannot set preshared key for AnyConnect. In that case, I cannot control who can use my Connection Profile and pretend to be me.
    Example:
    AnyConnect Connection Profile for me is : LLH-Connection-Profile, without any password
    Client Address Pool for me is : LLH-pool, IP is 172.16.1.11
    Any body can use LLH-Connection-Profile, login with another user name, let say user-abc which is a valid user in LDAP server. In that case, ASA assign 172.16.1.11 to user-abc and this user-abc can access server which only allow my IP to access.
    I hope above description can paint the scenario clearer.
    Thanks in advance for all the help and comment given.

  • (SSL?) Certificates, Safari, and blue question marks

    Recently I ran into some trouble with Mail and messed around with my certificates and Keychain a fair bit. Nonetheless, everything seems to be fine, except Safari. A problem I would run into intermittently before now dominates my online experience.
    I encounter images being replaced with blue question marks very frequently. Additionally, on webpages with logins and forms (e.g. eBay, Paypal), the formatting of the page is nearly nonexistent. Fonts, pictures, all missing--everything is just mashed together. I can still login, though. Before loading any webpage on which this happens, Safari notifies me that the page might not be secure. I click continue, and voila, blue question marks.
    If I then Ctrl-click on one of the question marks and choose "Open image in new tab", I get a certificate error, usually with what appears to be an image server. The message usually goes something along the lines of, "Safari can't identify the identity of the website "images-na.ssl-images-amazon.com". The certificate for this website is invalid. You might be connecting to a website that is pretending to be "images-na.ssl-images-amazon.com" which could put your confidential information at risk. Would you like to connect to the website anyway?"
    If I then click "Show Certificate", I see that "This certificate has an invalid issuer" If I check the box "Always trust these certificates" and reload the page, the image shows up. If I then go back to the original page and reload it, all images appear. This also solves my problem with forms and page formatting.
    However, this is obviously a pain. And a bit disconcerting, to boot. I've tried clearing the cache, resetting Safari, reinstalling Keychain and Safari via Pacifist, to no avail.
    Any thoughts on navigating this issue? It seems to occur primarily (if not entirely) with SSL certificates. . .
    Hopeful,
    a.

    Hi, aresnick, is that as in old lace? on the very long state named road?
    I looked in Safari help for "SSL certificates" in 10.3.9 and in 10.4.7 this term "Certificate". Irregardless both give the same message:
    Accessing websites that require a personal certificate
    If you need to access a website that requires a personal certificate, you will be provided with a certificate and instructions for installing it in your keychain.
    Once your certificate is installed in your keychain, you should be able to gain authenticated access to the website automatically.
    If you are unable to access the website, contact the website administrator.
    continue Safari Help: Deleting data saved from web forms
    If you select the option to automatically complete web forms using information from other webpages, Safari saves information you enter. You can delete this information, if you choose.
    Choose Preferences from the Safari menu and click AutoFill. Click Edit next to the "Other forms" checkbox. Select the item you want to delete and click Remove. If you want to delete all the items, click Remove All.
    If you don't want to use data from other web forms, deselect the "Other forms" checkbox in the AutoFill pane of Safari preferences.
    The Blue question mark and images do not appear appear, safari help:
    Images don't appear
    If webpage images don't appear, the option to display images may be turned off or there may be a problem with your network.
    Choose Preferences from the Safari menu and click Appearance. Click to select "Display images when the page opens."
    If the option is already selected, trying reloading the page. Choose Reload Page from the View menu.
    Therefore if i were you I would follow the instructions listed from Safari Help. I would also Reset Safari, which clears the history, empties the cache, clears the Downloads window, and removes all cookies. It also removes any saved user names and passwords or other AutoFill data and clears Google search entries. (see reset Safari in Help for more info)
    Then run perm. repair & a restart of the computer.
    You might want to look into updating to 10.4.7 following same steps as underlined in a. brodies in link posted to you earlier, in this thread.
    Good Luck.
    Hth. Please post back to let us know, how you did .
    Eme
    edited by: Eme x2

  • Mail Security certificate issue and cannot send email from mail app on surface 2

    well im have the same issue like others and coincidently we all started to have this issue just recently like few days ago. Please help us out as on the surface 2 mail app my Hotmail account ( The main account )
    cannot send mails and on the account setting it says there is a problem with the server security certificate. So how to fix it ???

    Does this issue only happen with Hotmail account? Have you tested the account in other mail programs or send a email via web mail in a browser? What is the result if we delete the account then recreate the account?
    Please also refer to solutions in this link:
    Supporting Windows Mail 8.1 in your organization
    See this part Self-Signed Certificates in Windows Mail 8.1
    http://blogs.technet.com/b/exchange/archive/2013/10/18/supporting-windows-mail-8-1-in-your-organization.aspx
    Yolanda Zhu
    TechNet Community Support

  • I am having trouble moving mail and and firefox profiles to Macbook from Powerbook

    I just inherited a cool late 2008 aluminum Macbook with Lion.  But I can't seem to get my Mail to move over or my Firefox preferences.  I tried the steps for moving mail:  copying and pasting the keychain, mail and mail preferences files.  Nothing happened. I've started now to set up the old way (ie setting up the accounts as if they were new) but know this is not a good idea.
    Trying to get something to work, I tried to move over my Firefox profile by copying the file into the same place on the new computer as old. Nothing.
    In both Mail and Firefox, I can see the new files, but they aren't being read. 
    Stupidly, I did not copy the old files before I pasted the new.
    Should I just start over and reload Lion??
    I'm so frustrated!
    Thanks for any help.
    Anne

    I also see that it seems to be moving all of the mail over from my gmail account.  I didn't mean to move everything out of gmail to this computer!  Now what do I do??

Maybe you are looking for

  • ASSET A/C

    dear all, while running tc-AJAB for year end run for asset. the fiscal year is not resetting in - TC-OAAQ

  • Error in releasing to accounting

    Hi all, Thanks for all the effort, I entered the invoice number on the first screen for billing and clicked on the green flag to realease to accounting and the following error occured: Error: Account 400000 requires an assignment to a CO object. Agai

  • Run applications Flex with USB Key

    There is software that help me to use USB memory key to run adobe air applications. Do you known if exist sofware security???

  • My PC can't see my ipod mini in 'source'

    My ipod mini cannat be seen on my PC or in 'source' in itunes when it is correctly connected. I have tried resettting the ipod and also putting it into disk mode.  Neither are successsful.  I alos have the latest itunes software. It stopped being see

  • My MacBook Pro 13 not booting up and chime is not heard

    My MacBook Pro is having recurrent problems. Initially after installing maverick x it started working slow then it didn't boot up at all and was stuck at apple logo while start up chime was still present. Then it again started working after disc reco