Verify Certificate Jam in mail/adressbook
Hi there,
Using OS 10.7.3 adressbook, mail 5.2 I have an exchange account that worked fine.
This week it started complaining about the servers identity certificate. The problem is the dialog window is instantly jammed. So I can not go to the certificate specs and force the acceptation of the certificate.
It's strange that the dialog jam's, that's Apple's problem. My problem would be solved if I could tell my Mac that this website can be trusted.
I already now the obvious solution, get the IT department to update the certificate, well I'll try that too.
Gerbenvg
Hi there,
Using OS 10.7.3 adressbook, mail 5.2 I have an exchange account that worked fine.
This week it started complaining about the servers identity certificate. The problem is the dialog window is instantly jammed. So I can not go to the certificate specs and force the acceptation of the certificate.
It's strange that the dialog jam's, that's Apple's problem. My problem would be solved if I could tell my Mac that this website can be trusted.
I already now the obvious solution, get the IT department to update the certificate, well I'll try that too.
Gerbenvg
Similar Messages
-
Verify Certificate when opening Mail
Hi,
I hope someone can help. Every time I open up Mail,on my iMac, I get a "Verify Certificate" dialogue box. With the following message;
"Mail can't verify the identity of mail.me.com.
The certificate for this server is invalid.You might be connecting to a server that is pretending to be"mail.me.com" which could put your confidential information at risk. Do you want to connect to the server anyway?
I click connect and the mail works fine. However, the message reappears every time on opening mail.
I have tried the following,
1. I have opened the certificate and clicked on the "Always trust "mail.me.com" when connecting to "mail.me.com"" but this will be not ticked the next time I open Mail.
2. I have deleted then reopened the account.
3. I have deleted the ByHost file in User/library/preferences.
4. I have used the Keychain access and selected always trust for the certificate. It will not stay selected.
Is there any way I can get rid of this message. It does not occur when opening the account from my MBP.
ThanksGreetings,
If you have the same account(s) setup on your Macbook Pro and it works fine there, I'd say your Mail preferences file is corrupt. So, if you make a copy of the com.apple.mail.plist file on your Macbook Pro and move it to Home/Library/Preferences on the problem Mac (which will overwrite the current file), then restart Mail, it should work fine again. -
Constant Verify Certificate Message in Mail
Hi Forum,
in mail on my Mac Mini i get a constant message of:
Verify Certificate
The Identity of "Server" cvannot be verified.
the server it mentions is an old email i used to use but now dont. Its been deleted from my accounts and doesntr exist. I cant find anywhere in this or internet accounts that makes reference to this server?!?!?! How can i find it. Its constant. I cancel the message and it reappears.First, and most important, never change the trust settings of any SSL certificate unless you created it yourself. That's one of the most dangerous things you can do with a computer.
Back up all data, then take each of the following steps that you haven't already taken. Stop when the problem is resolved.
Step 1
From the menu bar, select
▹ System Preferences... ▹ Date & Time
Select the Time Zone tab in the preference pane that opens and check that the time zone matches your location. Then select the Date & Time tab. Check that the data and time shown (including the year) are correct, and correct them if not.
Check the box marked
Set date and time automatically
if it's not already checked, and select one of the Apple time servers from the menu next to it.
Step 2
Triple-click anywhere in the line below on this page to select it:
/System/Library/Keychains/SystemCACertificates.keychain
Right-click or control-click the highlighted line and select
Services ▹ Show Info
from the contextual menu.* An Info dialog should open. The dialog should show "You can only read" in the Sharing & Permissions section.
Repeat with this line:
/System/Library/Keychains/SystemRootCertificates.keychain
If instead of the Info dialog, you get a message that either file can't be found, reinstall OS X.
*If you don't see the contextual menu item, copy the selected text to the Clipboard (command-C). Open a TextEdit window and paste into it (command-V). Select the line you just pasted and continue as above.
Step 3
Launch the Keychain Access application in any of the following ways:
☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)
☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.
☞ Open LaunchPad. Click Utilities, then Keychain Access in the icon grid.
In the upper left corner of the window, you should see a list headed Keychains. If not, click the button in the lower left corner that looks like a triangle inside a square.
In the Keychains list, there should be items named System and System Roots. If not, select
File ▹ Add Keychain
from the menu bar and add the following items:
/Library/Keychains/System.keychain
/System/Library/Keychains/SystemRootCertificates.keychain
From the Category list in the lower left corner of the window, select Certificates. Look carefully at the list of certificates in the right side of the window. If any of them has a a blue-and-white plus sign or a red "X" in the icon, double-click it. An inspection window will open. Click the disclosure triangle labeled Trust to disclose the trust settings for the certificate. From the menu at the top, select
When using this certificate: Use System Defaults
Close the inspection window. You'll be prompted for your administrator password to update the settings. Revert all the certificates with non-default trust settings. Never again change any of those settings.
Step 4
Select My Certificates from the Category list. From the list of certificates shown, delete any that are marked with a red X as expired or invalid.
Export all remaining certificates, delete them from the keychain, and reimport. For instructions, select
Help ▹ Keychain Access Help
from the menu bar and search for the term "export" in the help window. Export each certificate as an individual file; don't combine them into one big file.
Step 5
From the menu bar, select
Keychain Access ▹ Preferences ▹ Certificates
There are three menus in the window. Change the selection in the top two to Best attempt, and in the bottom one to CRL.
Step 6
Triple-click anywhere in the line of text below on this page to select it:
/var/db/crls
Copy the selected text to the Clipboard by pressing the key combination command-C. In the Finder, select
Go ▹ Go to Folder...
from the menu bar and paste into the box that opens (command-V). You won't see what you pasted because a line break is included. Press return.
A folder named "crls" should open. Move all the files in that folder to the Trash. You’ll be prompted for your administrator login password.
Step 7
Reboot, empty the Trash, and test. -
Verify Certificate Mail blocked
After opening mail verify certificate popped up and will not allow me to connect, cancel, shut down, or restart my macbook air.
Both the connect and cancel buttons are grey and not letting me click them. Also even when I try to close the window or quit mail it will say that I can't.Then no window accepts any clicks, so restart is not possible any more. I have to press the kill-button an the back. Not good at all.
-
Hello,
I have came across the problem of Verify Certificate that started just after renewign the old one.
To fix this on the users side and only if you are sure the server that writen is yours or you trust it just follow those stepps:
Click - GO - Utilities - Keychain Access.
Under the Category Click on Certificates and on your right click Get info on the one you face problems with.
Click on the arrow near the Trust and then choose on the "When using this certificate:" scrool down Always Trust.
Then just restart Mail and give it a min to resync.
I hope it helps.
Alon.Then no window accepts any clicks, so restart is not possible any more. I have to press the kill-button an the back. Not good at all.
-
Exchange mail setup - unable to verify certificate
When i set up my exchange mail account, just after i enter the exchange server details, i get a message saying "unable to verify certificate" and the option to "accept", which i did.
Thereafter i get the error message "failed account verification"
Does anyone know what the issue / workaround here is?OK, here is my information from Outlook OMA.
=============================================
Outlook(R) Mobile Access
Copyright (C) 2001-2003, Microsoft Corp. All rights reserved.
Ok
Outlook(R) Mobile Access Server: EDCOWA02
Outlook(R) Mobile Access Server, Microsoft(R) Exchange: 6.5.7226.0
Outlook(R) Mobile Access Server, Microsoft(R) Windows: 5.2.3790.0
Outlook(R) Mobile Access Server, Microsoft(R) .Net Framework: 1.1.4322.2407
Mailbox Server: EDCEXC01
Mailbox Server, Microsoft(R) Exchange: 6.5.7226
User Mailbox: Luis.Cavada
Rendering Format: html32
User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648)
========================================================
Can someone help me in figuring out what is the user name and exchage server which i need to setup in my iphone 3G Exchnage settings.
I have tried everything I cound think of, but no luck !
Thanks, -
I've just changed email provider and I'm starting to get the mail can't verify certificate message every time I open up Mail. I remember I had this before but can't for the life of me remember what I did to finally resolve the issue! I've checked the "always trust" checkbox but the certificate message still appears. Please help!
I'm having the same problem, and checking and unchecking the "Always trust..." box. I've even tried closing mail and reopening it. I've tried sending an email from the account to my gmail account, confirming the email has been received, and then closing and reopening Mail. Still I get the "Mail can't verify" message.
I'm NOT using SSL for my mail. HOWEVER, since I have a hosting account, and since my email on that account is IMAP, and since there's special group of emails that I want to access on my cell and laptop too, I created another email address and am making sure that these particular emails are going there.
That means that two email accounts are going to the same mailserver address - mail.[mydomainname].com. The MTP is the same for incoming and outgoing.
I've repaired permissions. I've even attempted to throw away my plist, but that will be a nightmare of epic proportions, since getting rid of the plist means that all my accounts and mailboxes are gone and I'd have to recreate everything.
This is a fairly new issue.
Can anyone help Alan and me? -
Hi,
I Build an Lync 2013 set up with FEpool, Director pool and Exchange server is integrated. I have windows 8 client machine, with Lync client installed. When I try to login to the lync client, I am getting error like"There was a problem verifying
certificate from the server".
When I installed ROOT CA cert manually on client machine I am able to login to the lync client. similarly if I add my client machine in my domain, I am able to login to the Lync client.
Now is there any other way to send the certificate automatically to the client machine (Which are NOT part of the DOMAIN) from the server, instead of manual installation process.
Please help me troubleshoot this problemAgree with S Guna, there is no easy way to push a certificate automatically to a client that you don't control other than building an installer package and asking them to run it. In this situation, if there are a lot of non-domain joined machines
a third party certificate is the way you need to go.
Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question please click "Mark As Answer".
SWC Unified Communications -
URGENT! PLS HELP... using JAMES as mail server
hi, first of all... happy new year to everyone...
i am currently developing a web based application and one of the component in the system is using JAMES as mail server. I am done some modification in config.xml in JAMES, now the problem is i can only send internal mails instead of external one, such as hotmail and yahoo.
The error occurs as below:-
RemoteDelivery: Exception delivering message (Mail1041375079561-0-!448616653-to-hotmail.com) - Could not connect to SMTP host: hotmail.com, port: 25
How can i send mails to hotmail and yahoo users or any other external mail?
Can anyone pls help me to solve this problem?
Thanks in advance.sounds like a network problem rather than a JAMES problem. Have you confirmed that you can ping the hotmail mail server, and then that you can "telnet" in to it on port 25?
If you have a windows machine handy, you can find out the IP address of hotmail's primary mail server by using nslookup:
C:\>nslookup
set type=MX
hotmail.comIf you don't get anything from this, it would indicate a DNS problem. Once you have the IP address, try to telnet to it on port 25:
C:\>telnet 65.54.254.129 25
Here's what I got...
220 mc1-f3.law16.hotmail.com Microsoft ESMTP MAIL Service, Version: 5.0.2195.5600 ready at Wed, 1 Jan 2003 21:19:03 -0800
If you aren't able to connect, it's probably either a firewall at your end blocking outbound TCP traffic on port 25 (or possibly all ports), or a DNS issue, or some sort of routing issue with your ISP -
Verify certificate using Bouncycastle (J2ME)
Good evening. I have a problem.. I'm trying to verify certificate but signatures doesn't match!!!
byte[] cert_decoded = Base64.decode(pem_cert);
ASN1InputStream ais = new ASN1InputStream(cert_decoded);
DERObject obj = ais.readObject();
ASN1Sequence seq = (ASN1Sequence)obj;
ais.close();
X509CertificateStructure cert = new X509CertificateStructure(seq);
// getting certificate signature
byte[] signature = cert.getSignature().getBytes();
// trying to get "to be signed" structure
TBSCertificateStructure tbs = cert.getTBSCertificate();
// is it correct? trying to get bytes array of TBS..
byte[] tbs_byte = tbs.getEncoded();
RSAEngine engine = new RSAEngine();
// Is it correct? Cert uses "RSAwithSHA1"..
SHA1Digest digest = new SHA1Digest();
// Public key i'v got before from signing CA cert...
PSSSigner signer = new PSSSigner(engine, digest, 0);
signer.init(false, pub);
signer.update(tbs_byte, 0, tbs_byte.length);
boolean istrue = signer.verifySignature(signature);
In all cases i'm getting FALSE 8( what's wrong, please help! 8(
I tried to sign TBS data using CA's private key but signatures doesn't match anyway...I found example code here: http://www-128.ibm.com/developerworks/library/j-midpds.html
Below is that code pieced together with some minor fixes (seems they
had outdated calls to verifySignature() and generateSignature()).
This program runs and returns true for me. Maybe this can
help you figure out what's going on with your code...
import java.math.BigInteger;
import java.security.SecureRandom;
import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
import org.bouncycastle.crypto.digests.SHA1Digest;
import org.bouncycastle.crypto.engines.RSAEngine;
import org.bouncycastle.crypto.generators.RSAKeyPairGenerator;
import org.bouncycastle.crypto.params.RSAKeyGenerationParameters;
import org.bouncycastle.crypto.params.RSAKeyParameters;
import org.bouncycastle.crypto.params.RSAPrivateCrtKeyParameters;
import org.bouncycastle.crypto.signers.PSSSigner;
import org.bouncycastle.util.encoders.Base64;
public class RSASigBCLW {
private static BigInteger pubExp = new BigInteger("11", 16);
private static RSAPrivateCrtKeyParameters privKey;
private static RSAKeyParameters pubKey;
public static void main(String[] args) {
try {
_main(args);
} catch (Exception e) {
System.out.println("ERROR: " + e.getMessage());
* @param args
public static void _main(String[] args) throws Exception {
SecureRandom sr = new SecureRandom();
RSAKeyGenerationParameters RSAKeyGenPara = new RSAKeyGenerationParameters(
pubExp, sr, 1024, 80);
RSAKeyPairGenerator RSAKeyPairGen = new RSAKeyPairGenerator();
RSAKeyPairGen.init(RSAKeyGenPara);
AsymmetricCipherKeyPair keyPair = RSAKeyPairGen.generateKeyPair();
privKey = (RSAPrivateCrtKeyParameters) keyPair.getPrivate();
pubKey = (RSAKeyParameters) keyPair.getPublic();
String message = "this is a test message.";
String signature = getSignature(message);
boolean b = verify(message, signature, getMod(), getPubExp());
System.out.println("verify? =" + b);
// Public key specific parameter.
public static String getMod() throws Exception {
return (new String(Base64.encode(pubKey.getModulus().toByteArray())));
// General key parameter. pubExp is the same as pubKey.getExponent()
public static String getPubExp() throws Exception {
return (new String(Base64.encode(pubExp.toByteArray())));
static public String getSignature(String mesg) throws Exception {
SHA1Digest digEng = new SHA1Digest();
RSAEngine rsaEng = new RSAEngine();
PSSSigner signer = new PSSSigner(rsaEng, digEng, 64);
signer.init(true, privKey);
byte[] mbytes = mesg.getBytes();
signer.update(mbytes, 0, mbytes.length);
byte[] sig = signer.generateSignature();
String result = new String(Base64.encode(sig));
return result;
static public boolean verify(String mesg, String signature, String mod, String pubExp) {
BigInteger modulus = new BigInteger(Base64.decode(mod));
BigInteger exponent = new BigInteger(Base64.decode(pubExp));
SHA1Digest digEng = new SHA1Digest();
RSAEngine rsaEng = new RSAEngine();
RSAKeyParameters pubKey = new RSAKeyParameters(false, modulus, exponent);
PSSSigner signer = new PSSSigner(rsaEng, digEng, 64);
signer.init(false, pubKey);
byte[] mbytes = mesg.getBytes();
signer.update(mbytes, 0, mbytes.length);
boolean res = signer.verifySignature(Base64.decode(signature));
return res;
} -
Safari is unable to verify certificate.
Safari is unable to verify certificate. Can someone pls advise how to fix this issue? Im getting an error while trying to access adcbactive.com/Login page.
Many Thanks
Abyabytoaby,
When I attempt to access adcbactive.com I'm getting a "Phishing" warning through the Open Dns servers that I'm using. In fact, Open Dns is blocking me from loading that site. Be careful... -
Owsm policy step verify certificate
We try to use the OWSM for client authentication using "verify certificate". for what i understand of it i have to send along the public certificate with my request and that certificate should be in the trusted store. Can this store be the same store as the wallet the http server is already using.
when i look for the details of the verify certificate step i see that there are a few prerequisites
Prerequisite Steps Verify Signature, Decrypt and Verify, or if the transport security uses SSL.
i use a https://<server>/gateway/services/SID0003006?wsdl as endpoint from within the webserviceproxy and added the following before setting the endpoint in de proxy.
System.setProperty("javax.net.ssl.keyStore", "/home/maqish/keystore");
System.setProperty("javax.net.ssl.keyStoreType", "JKS");
System.setProperty("javax.net.ssl.keyStorePassword", "changeit");
System.setProperty("javax.net.ssl.trustStore", "/home/maqish/keystore");
System.setProperty("javax.net.ssl.trustStoreType", "JKS");
System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
I have added the server certificate in my trusted keystore and the public key is send to the server to be added as a trusted certificate.
using verify certificate it should be possible to verify that a request is from a trusted source. but this does not seem to work very well. or else there could be some other problem in my thoughts.
anyone who tried the same? or has ever used the policy step verify certificate?i do use the soa suite and jdeveloper 10.1.3.3 i have created a webservice which i have deployed to the soa application server. using this webservice works using http and https
when i use owsm to add this webservice as a service this also works. using http and https
when i add the request policystep verify certificate i get the following error
Failed to initialize pipeline 'Request' in policy 'repeater(0.1) -
Mail repeatedly asks to verify certificate
Hi
Using Mail 3.6 on 10.5.8
When I send from my .me account I am repeatedly ask to verify the recipient, with an oval connect button.
Can I stop mail from asking me this every time?
ASTo Clarify,
"Mail can't verify the identitiy of "smtp.mail.me.com".
The certificate for this serve was signed by an unknown certifying authority. You might be connecting to a server that is pretending to be "smtp.mail.me.com" which could put your confidential information at risk. Would you like to connect to the server anyway?
I get three balloons to chose from, show certificate, cancel, and connect. -
Does anyone know how to use a self signed certificate with apple mail??
Ive read about it in mail's help and tried to set it up according to it. Ive created a self-signed certificate but have no idea how to set it up as it would work with Mail so that i would be able to send signed messages. could anyone help me??
Hello rado:
Welcome to Apple discussions.
I am assuming this is what you read:
http://docs.info.apple.com/article.html?path=Mac/10.5/en/8916.html
If you follow the instructions when you set up the certificate, you should be fine.
Incidentally, most +"ordinary users"+ (like me) do not use this function. I am curious as to why you want to jump through hoops in your Mail application.
Barry -
Certificate Error in Mail with Gmail
When I log onto mail 5.2 using Gmail, I get the error "Mail can't verify the identify of pop.gmail.com." I can continue and use mail, but it tells me that my information may not be secure. I'm using OS X Lion 10.7.3 and the screens don't match anything online to verify the settings I have, so if someone can provide me with a link that I can verify my mail settings for Gmail, that would be great.
Thanks.So long as you use POP access and set Mail not to remove messages from the server under any circumstance. To do this open Mail > Preferences > Accounts and with the GMail account selected click on Advanced and UNcheck "Remove copy from server after retrieving a message".
Maybe you are looking for
-
4s with ios8 - battery drain issue - possible clue?
I am one of the 4s users who is experiencing significantly accelerated battery drain since upgrading to ios 8.0 the first day it was released. My battery will drain from %100 to less than %50 in less than two hours with typical light use. Previousl
-
I have 12 iPad 3s that I want to set up to train multiple groups of teachers on in anticipation of purchasing classroom sets eventually. I am looking for suggestions in how to set up the iPads to be used by multiple users.
-
MSMPENG Requiring large amounts of CPU Time
<---Time This is a picture of the CPU consumption on a multiprocessor cpu activity monitor on Win 7 SP1 running a Sandybridge Extreme. I know there was a problem during XP days. This has been going on for about an hour and one half.
-
App update rejected because it is downloading content?
Hello, I have a strange situation with the app store approval process. I have 2 apps which I am updating one of them is simply a lite version of the former. The lite and full version share 99% of the same code the only difference is that the lite ver
-
Hi, Looking here suggestion . My requirment is to show profit center in report. for that i created 1 muliprovider. now i am getting G/L Account Data like "#/100010", which should like "100010" only. and profit center like "#/DP01" which should like