Hey! Self-signed SSL Certificates for IMAP Can Be Added to the Keychain in 10.3.3!

/ Sandy Smith

I’ve had a problem with OS X’s Mail.app popping up an “Unable to verify certificate–do you want to proceed anyway?” message every time I open it and it connects to our company’s SSL-encrypted IMAP authentication with a self-signed certificate. It forces me to click “continue” every single time. While there is a workaround that involves long and complex command-line action, there is an easier way that now works.

My &uumlaut;berblogger friend Jason has been bugging me to document solutions to weird problems. After reading John Gruber’s article on writing for Google, I thought I’d try my hand at it.


The Apple-provided solution to the problem was to click “View the Certificate” and then option-drag the cert icon from the following window to the desktop, then drop it on top of the Keychain Access application (one of the best things about OS X, that app). The problem lay in the fact that there was a rather severe bug: dragging the icon to the desktop would crash Mail.app and fail to copy the certificate. I tested it and found that I could reproduce the bug, and 10.3.3 didn’t fix it.

Well, 10.3.4 came out yesterday and so I checked again and was pleasantly surprised to find that I could indeed follow the Apple Knowledge Base’s solution to the letter–well, almost. It’s not obvious that the “choice” the dialog in Keychain Access will offer you is the “keychain:” dropdown. I ignored this initially and it didn’t work, but the second time I chose the X509 Anchors entry below “System” and it worked.

The catch? I haven’t as of this writing installed OS X 10.3.4 on this machine. I have it on two other machines, one work and one personal, but my primary desktop is pretty crucial and I don’t update it willy-nilly. This being quite early in the morning, I forgot that. So what happened?

The only thing I can conclude is that this security update which affected Mail.app and came out after 10.3.3 fixed the problem.

So if you have 10.3.3 and have had this problem, make sure your security updates are up to date (you should do this anyway) and try again.

Now the one person besides me that this affected can sleep easily, knowing that i have documented the sudden, unexplained disappearance of the problem.

2 thoughts on “Hey! Self-signed SSL Certificates for IMAP Can Be Added to the Keychain in 10.3.3!

  2. I have two imap servers set up (I’m migrating from an older OS X box) and found that the option-drag did not crash my system if I did it on the SECOND security alert. If I opt-dragged from the first alert, it hung Mail. From the second one, it worked fine.

    If you have a specific server selected when you start Mail it gets queried first, so you can use that to get the alerts ordered the way you need them. Hope this helps.

    Like

Comments are closed.