

Does this screen look familiar?


Picture 3.png

If you’re constantly having to click “Always trust XXX when connecting to XXX” when using Mail with SSL on, your solution may be a few clicks away.

In the above image, notice that it says “Always trust “smtp.gmail.com” when connecting to “imap.gmail.com”.” The problem here is that Leopard won’t ever trust a certificate (even after clicking the check box) when the server you entered in your account details doesn’t match the server name the certificate is using.

Picture 5.png

In this case, imap.gmail.com should be changed to smtp.gmail.com to reflect the name of the server on the certificate and the problem goes away like magic!

Here’s another slightly more complicated example…

I have several e-mail accounts hosted on “grid servers” from MediaTemple. You may use a different hosting company (e.g. Go Daddy, Yahoo!, Google, HostMonster) for your personal domains, but most don’t include SSL certificates that match your domain (or they cost extra). Since Mail won’t accept SSL certificates that don’t match your mail server, you may see something like this:

Picture 6.png

As you can see, the server entered in my Mail account settings is “mail.briancometa.com” but the certificate is for “*.gridserver.com.”
Unlike the first example, I can’t simply replace “mail.briancometa.com” with “*.gridserver.com” in my account settings (that’s not a legit mail server address).

In this case, I had to log into the Media Temple hosting panel to find out what grid server “briancometa.com” was hosted on. I knew to look for something ending in “gridserver.com” and after a little searching found that briancometa.com is, in fact, s6895.gridserver.com.

Back in Mail, I replaced both instances of “mail.briancometa.com” in my account settings with “s6895.gridserver.com.” I immediately quit and re-opened Mail, re-entered passwords after checking for new mail, and re-entered passwords after sending messages from each account. If the Verify Certificate box pops up again, this should be the last time; make sure to click the “Always trust” checkbox.

NO MORE SSL ISSUES!! And, mail seems to run a bit faster — at least during startup.
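
The comparison behind both cases above, as an added example (not code from the original post): the server name in the account settings is checked against the names on the certificate, and a leading `*.` covers exactly one label. The sample values are the ones quoted in the post; `fetch_cert_names`, port 993 and a certificate that chains to a trusted CA are assumptions.

```python
import socket
import ssl


def name_matches(cert_name: str, host: str) -> bool:
    """True if one certificate DNS name covers the configured server name."""
    cert_labels = cert_name.lower().rstrip(".").split(".")
    host_labels = host.lower().rstrip(".").split(".")
    if len(cert_labels) != len(host_labels):
        return False
    if cert_labels[0] == "*":
        # A wildcard stands for exactly one left-most label.
        return len(cert_labels) > 2 and cert_labels[1:] == host_labels[1:]
    return cert_labels == host_labels


def check_account(configured_host: str, cert_names: list[str]) -> str:
    """Report whether an account's server setting matches the certificate."""
    if any(name_matches(name, configured_host) for name in cert_names):
        return "match"
    return "mismatch: certificate is for " + ", ".join(cert_names)


def fetch_cert_names(host: str, port: int = 993) -> list[str]:
    """List the DNS names on a live server's certificate (needs network).

    Assumptions: implicit-TLS IMAP on port 993 and a certificate that chains
    to a trusted CA; only the name comparison is skipped so the names can be read.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
    names = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not names:  # older certificates carry the name only in the subject CN
        names = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    return names


# Constructed from the values quoted in the post: (server in Mail, certificate name)
SAMPLES = [
    ("imap.gmail.com", ["smtp.gmail.com"]),
    ("mail.briancometa.com", ["*.gridserver.com"]),
    ("s6895.gridserver.com", ["*.gridserver.com"]),
]

if __name__ == "__main__":
    for configured, names in SAMPLES:
        print(f"{configured:24} {check_account(configured, names)}")
```

With network access, `check_account(host, fetch_cert_names(host))` runs the same comparison against the certificate the server actually presents.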


Did this work for you too? Leave a comment and let us know.



24 thoughts on “How to fix the SSL “Verify Certificate” issue in Leopard Mail”

  1. YOU ARE THE MAN!

    After bugging me since Leopard was released, I finally got Mail auto-accepting self-signed certificates using the steps above.

    For anyone using Dreamhost, the incoming/outgoing servers should be set to postal.mail.dreamhost.com.

    This worked like a charm. I can’t thank you enough.

    Cheers!

  2. Having just moved from entourage to macmail (so we can use daylite) this was exactly our problem…. however the solution in the end was to go to advanced tab for the account and turn OFF ssl – it would seem that in this version when you add a new account it defaults to ssl ON. In my case our pop server does not use ssl.

    Thanks for the page

  3. For Dreamhost, it’s actually NOT

    postal.mail.dreamhost.com

    It’s the name of your mail server- .mail.dreamhost.com

    In my case, my mail server is “spunky”, so mine is set to:

    spunky.mail.dreamhost.com

  4. I have been plagued by this bloody problem for too damned long now and finally searched Google correctly and found the answer.

    Thank you Paul, very much

  5. [ my previous response was missing ‘mydomain’ ]

    I did the following to get the name of my mail server on Dreamhost from Mac OS X.

    # host mail.mydomain
    mail.mydomain has address 208.113.200.50
    mail.mydomain mail is handled by 0 mx1.balanced.spacey.mail.dreamhost.com.
    mail.mydomain mail is handled by 0 mx2.balanced.spacey.mail.dreamhost.com.

    I then changed my incoming and outgoing mail server names to spacey.mail.dreamhost.com.

    No more nagging certificate pop-up. Thanks!

  6. hey walter,

    can you give any more details on that command “host mail.mydomain?”

    did you just type that in terminal?

    when I tried host mail.briancometa.com it gave me this:
    mail.briancometa.com has address 64.13.192.62

    for host mail.briancometa I got this:
    bcmb:~ cometa$ host mail.briancometa
    mail.briancometa has address 208.67.216.132
    Host mail.briancometa not found: 3(NXDOMAIN)

    any ideas why I didn’t get something similar to you?

    it would be nice to have a terminal command which saves you from searching around for the actual domain name.

    thanks!

  7. i read your article with great interest

    since i have been with mediatemple i have had enormous problems with the certificate problem

    thing is i go thro someone else’s account, and do not know how to find MY own gridserver address (and it IS gridserver)

    can you go thro the process with a bit more detail? or even better send a link with instructions

    btw at the moment Mail cannot even READ data from the server (which is as bad as it gets!!!)

    extremely tiresome!

  8. When this is applied in outgoing mail, it seems like there is no way for it to work because there is no visible View Certificate option when you get the error message – it just looks like it insists on getting a validly signed certificate. However, if you go to the server list it will suddenly pop up a dialogue similar to what is seen above and you can set it as a trusted certificate. Then, my emails started suddenly flowing out. I was almost shocked!

    Thanks, Brian, for pointing me in the right direction!

    D

  9. @peter
    1) you need to go to mediatemple.net and login (you’ll need the owner’s account login/password)
    2) click “admin” for your domain
    3) click “server guide”
    4) look for the Primary Access Domain: http://sXXXXX.gridserver.com
    5) replace mail.your-domain.com with sXXXXX.gridserver.com
    6) fixed!

  10. Brian, you’re a genius! Thanks v. much for the tip – as you said it’s barely a problem, but every day, every bloody day it does start to wear.

  11. Also, for those that can’t access an owner’s ac level logging to a server I think the same server should be listed in the long headers / raw source view of a message to the account concerned as the server from which the message was received by. Mine for example was:

    Received: from by tarago.websitewelcome.com

    where tarago.websitewelcome.com is what you need to replace your incoming mailserver with.

  12. Pingback: Tech Talk Point » Unverified Host – Apple Mail – Self-Signed Certificate Issues with Apple Mail and CPanel/WHM
