How to fix the SSL “Verify Certificate” issue in Leopard Mail
Does this screen look familiar?
If you’re constantly having to click “Always trust XXX when connecting to XXX” when using Mail with SSL on, your solution may be a few clicks away.
In the above image, notice that it says “Always trust “smtp.gmail.com” when connecting to “imap.gmail.com”.” The problem here is that Leopard won’t ever trust a certificate (even after clicking the check box) when the server you entered in your account details doesn’t match the server name the certificate is using.
Here’s another slightly more complicated example…
I have several e-mail accounts hosted on “grid servers” from MediaTemple. You may use a different hosting company (i.e. Go Daddy, Yahoo!, Google, HostMonster) for your personal domains, but most don’t include SSL certificates that match your domain (or they cost extra). Since Mail won’t accept SSL certificates that don’t match your mail server, you may see something like this:
As you can see, the server entered in my Mail account settings is “mail.briancometa.com” but the certificate is for “*.gridserver.com.”
Unlike the first example, I can’t simply replace “mail.briancometa.com” with “*.gridserver.com” in my account settings (that’s not a legit mail server address).
In this case, I had to log into the Media Temple hosting panel to find out what grid server “briancometa.com” was hosted on. I knew to look for something ending in “gridserver.com” and after a little searching found that briancometa.com is, in fact, s6895.gridserver.com.
Back in Mail, I replaced both instances of “mail.briancometa.com” in my account settings with “s6895.gridserver.com.” I immediately quit and re-opened mail, re-entered passwords after checking for new mail, and re-entered passwords after sending messages from each account. If the Verify Certificate box pops up again, this should be the last time, make sure to click the “Always trust” checkbox.
NO MORE SSL ISSUES!! And, mail seems to run a bit faster — at least during startup.
–
Did this work for you too? Leave a comment and let us know.
Popularity: 13% [?]
YOU ARE THE MAN!
After bugging me since Leopard was released, I finally got Mail auto-accepting self-signed certificates using the steps above.
For anyone using Dreamhost, the incoming/outgoing servers should be set to postal.mail.dreamhost.com.
This worked like a charm. I can’t thank you enough.
Cheers!
thanks!!! glad I could help!
Having just moved from entourage to macmail (so we can use daylite) this was exactly our problem…. however the solution in the end was to go to advanced tab for the account and turn OFF ssl – it would seem that in this version when you add a new account it defaults to ssl ON. In my case our pop server does not use ssl.
Thanks for the page
For Dreamhost, it’s actually NOT
postal.mail.dreamhost.com
It’s the name of your mail server- .mail.dreamhost.com
In my case, my mail server is “spunky”, so mine is set to:
spunky.mail.dreamhost.com
Very useful post, Brian! I have to check what hostgator’s is for one of my domains.
thanks paul, good luck!
I have been plagued by this bloody problem for too damned long now and finally searc google correctly and found the answer.
Thank you Paul, very much
[ my previous response was missing 'mydomain' ]
I did the following to get the name of my mail server on Dreamhost from Mac OS X.
# host mail.mydomain
mail.mydomain has address 208.113.200.50
mail.mydomain mail is handled by 0 mx1.balanced.spacey.mail.dreamhost.com.
mail.mydomain mail is handled by 0 mx2.balanced.spacey.mail.dreamhost.com.
I then changed my incoming and outgoing mail server names to spacey.mail.dreamhost.com.
No more nagging certificate pop-up. Thanks!
hey walter,
can you give any more details on that command “host mail.mydomain?”
did you just type that in terminal?
when I tried host mail.briancometa.com it gave me this:
mail.briancometa.com has address 64.13.192.62
for host mail.briancometa I got this:
bcmb:~ cometa$ host mail.briancometa
mail.briancometa has address 208.67.216.132
Host mail.briancometa not found: 3(NXDOMAIN)
any ideas why I didn’t get something similar to you?
it would be nice to have a terminal command which saves you from searching around for the actual domain name.
thanks!
Thank you! Fixed the issue. I’m on Hostmonster and had to set the server to host303.hostmonster.com