How to fix the SSL “Verify Certificate” issue in Leopard Mail
Does this screen look familiar?
If you’re constantly having to click “Always trust XXX when connecting to XXX” when using Mail with SSL on, your solution may be a few clicks away.
In the above image, notice that it says “Always trust “smtp.gmail.com” when connecting to “imap.gmail.com”.” The problem here is that Leopard won’t ever trust a certificate (even after clicking the check box) when the server you entered in your account details doesn’t match the server name the certificate is using.
Here’s another slightly more complicated example…
I have several e-mail accounts hosted on “grid servers” from MediaTemple. You may use a different hosting company (i.e. Go Daddy, Yahoo!, Google, HostMonster) for your personal domains, but most don’t include SSL certificates that match your domain (or they cost extra). Since Mail won’t accept SSL certificates that don’t match your mail server, you may see something like this:
As you can see, the server entered in my Mail account settings is “mail.briancometa.com” but the certificate is for “*.gridserver.com.”
Unlike the first example, I can’t simply replace “mail.briancometa.com” with “*.gridserver.com” in my account settings (that’s not a legit mail server address).
In this case, I had to log into the Media Temple hosting panel to find out what grid server “briancometa.com” was hosted on. I knew to look for something ending in “gridserver.com” and after a little searching found that briancometa.com is, in fact, s6895.gridserver.com.
Back in Mail, I replaced both instances of “mail.briancometa.com” in my account settings with “s6895.gridserver.com.” I immediately quit and re-opened mail, re-entered passwords after checking for new mail, and re-entered passwords after sending messages from each account. If the Verify Certificate box pops up again, this should be the last time, make sure to click the “Always trust” checkbox.
NO MORE SSL ISSUES!! And, mail seems to run a bit faster — at least during startup.
–
Did this work for you too? Leave a comment and let us know.
Popularity: 12% [?]
I’m having the same issues – I’m using cPanel but I can’t seem to find the “grid server”. What section should I be looking in?
are you using mediatemple too? if so, log in from the mediatemple.net site and look around the admin section.
Hooray! Finally… Thanks for your help.
i read your article with great interest
since i have been with mediatemple i have had enormous problems with the certificate problem
thing is i go thro someone else’s account, and do not know how to find MY own gridserver address (and it IS gridserver)
can you go thro the process with a bit more detail? or even better send a link with instructions
btw at the moment Mail cannot even READ data from the server (which is as bad as it gets!!!)
extremely tiresome!
When this is applied in outgoing mail, it seems like there is no way for it to work because there is no visible View Certificate option when you get the error message – it just looks like it insists on getting a validly signed certificate. However, if you go to the server list it will suddenly pop up a dialogue similar to what is seen above and you can set it as a trusted certificate. Then, my emails started suddenly flowing out. I was almost shocked!
Thanks, Brian, for pointing me in the right direction!
D
@peter
1) you need to go to mediatemple.net and login (you’ll need the owner’s account login/password)
2) click “admin” for your domain
3) click “server guide”
4) look for the Primary Access Domain: http://sXXXXX.gridserver.com
5) replace mail.your-domain.com with sXXXXX.gridserver.com
6) fixed!
Brian, you’re a genius! Thanks v. much for the tip – as you said it’s barely a problem, but every day, every bloody day it does start to wear.
Also, for those that can’t access an owner’s ac level logging to a server I think the same server should be listed in the long headers / raw source view of a message to the account concerned as the server from which the message was received by. Mine for example was:
Received: from by tarago.websitewelcome.com
where tarago.websitewelcome.com is what you need to replace your incoming mailserver with.
THANK YOU!!!!
Ah thank you! This has been bugging me for awhile!