46955 Views 91 Replies Latest reply: Mar 13, 2011 2:25 PM by Darmok
Currently Being ModeratedNov 29, 2010 10:28 AM (in response to Dr_Stein)ahaaaa.... you are not alone. found this thread after googling the subject all blooming weekend
switched from 3GS to HTC HD7 last week and I have a very similar problem.
the thing that really irritates me is that at least apple have a workaround, whereas microsoft do not!
i think there's a big conspiracy going on to make everyone use cloud based services or hosted exchange servers.Dell, Windows XP Pro
Currently Being ModeratedNov 30, 2010 5:23 PM (in response to Syth)So I tried the iPhone Configuration Utility and it didn't work for me either. But here's what did-
Go into Mail, Contacts, Calendars and select the account that has the self-signed certificate.
Go into Account Information
Select the Outgoing Mail Server
Change the Server Port from 587 to 25
When you do this, the Settings app will attempt to verify the account settings. If you have port 25 open on your mail server, it will give you the prompt that you're trying to use a self-signed certificate. Accept the certificate. If you don't have port 25 open, it will give you the error that it can't connect using SSL and will give you the option to try connecting without it. Hit cancel and change the port back to 587, then hit done again and you'll get the same prompt to accept the certificate. It should give you check marks on all the settings and then you should be good to go. If you changed the port to 25 and you want it to be 587 for some reason, just go change it back. You shouldn't have to re-accept the certificate. I've verified that this works on my iPhone 4 and my iPad, on WiFi and 3G and after a power cycle of both devices.
Basically it looks like the MobileMail app doesn't have the proper authority to change trust settings for these self-signed certificates. You have to do it through the Settings app. Just a guess though.
And obviously if you're using port 465 or some other port, just substitute that for 587. Changing the port is just an easy way to get the Settings app to re-verify the server connections, and that's when it'll prompt you to accept the certificate. It's just a faster way than having to delete and re-add the whole mail account.
Incidentally, this also works for CalDAV accounts- just change the port, wait for the error, hit cancel, then change the port back to 8443.MacBook Pro 1,1; Mac mini 3,1; iPhone 1,1; iPhone 2,1; iPad 1,1
Currently Being ModeratedNov 30, 2010 8:55 PM (in response to Syth)Ah crud. Never mind. It appeared to have worked at first, but after shutdown and restarting my phone, the dialogs are backMacPro Quad Core, G4 1000bT, MacBookPro, mini server, Mac OS X (10.6.5), 10.6.5 Server on MacPro
Currently Being ModeratedNov 30, 2010 9:11 PM (in response to Merged Content 1)Tried this workaround, seemed to work but then it was back to the same errors. Waiting for Apple to fix this...seems enough people are experiencing the same trouble; they really ought to get this taken care of.iPhone 3GX, iOS 4
Currently Being ModeratedNov 30, 2010 10:10 PM (in response to Syth)Yeah... as I mentioned in an earlier post, I think that, in order to properly test any solution, you need to terminate Mail from your background processes and then launch it again.
I haven't tried shutting the phone down and restarting it, but that would probably be an even more rigorous way of checking.iPhone 4, iOS 4, Mac G5
Currently Being ModeratedNov 30, 2010 10:16 PM (in response to jemenake0)I am disconnecting from the thread now. For everyone who can, emailing yourself the .pem files for the cert and downloading them via MobileMail on the iPhone does work to get you the iOS dialogue screens you need to permanently trust the self-signed cert. Been running on this for many days now.Mac OS X (10.6.5)
Currently Being ModeratedNov 30, 2010 11:49 PM (in response to Jonathan mergy)It did not work for me. I have my .pem file from the server, mailed it to myself, clicked it to install it, but iOS will not mark it as trusted. I can see it in my settings and it says "Untrusted" in red letters.MacPro Quad Core, G4 1000bT, MacBookPro, mini server, Mac OS X (10.6.5), 10.6.5 Server on MacPro
Currently Being ModeratedDec 1, 2010 9:07 AM (in response to Syth)I just want to restate the solution which worked for me:
I went to the SMTP server settings in Settings and replaced the hostname of my smtp server with the *IP address*. You can find out the IP address by Googling for "nslookup" and using any of the numerous pages that are found.
For the record, my certificate and DNS situation is as follows:
IP Address - Resolves to a name which resolves back to the same IP. That name is not the name in the certificate.
Certificate - Expired and signed by a non-trusted CA (Plesk, specifically)
I've yet to hear from anybody who says that they tried the IP trick and it did not work. Perhaps I'm not paying enough attention. Maybe we need to give standard names to the various solutions being proposed, so that people can clearly indicate what they've tried and haven't and what worked and what hasn't.
I humbly propose:
"IP Address" - Means replacing the hostname with the IP address. Specify if your IP resolves to a name which then resolves back to the IP.
"SSL Disable" - Means disabling the SSL or TLS capability in your SMTP server settings. This should always work, but it's not a tolerable solution for many of us.
"PEM Download" - Means downloading the PEM cert via Safari (and maybe sending it to yourself via mail. Not sure if there's a difference).
"Config Util" - Means installing the certificate, itself, via Apple's configuration utility.
"Config Util CA" - Means installing the CA certificate via Apple's configuration utility.
Any others I've missed? I'm leaving out the "port change" trick where you change the port number to something and then change it back. All this seems to do is try to re-verify the cert at config time, which, although promising, even the original poster said that it ended up not working after he had rebooted his phone. If we get anybody for whom this does work for, then we should add it.
So, to kick things off...
IP Address : Worked. (IP does resolve to a name which resolves to IP)
SSL Disable : Haven't Tried
PEM Download : Haven't Tried
Config Util : Haven't Tried
Config Util CA : Haven't Tried
- JoeiPhone 3Gs, iPhone OS 3.1.3, Mac G5
Currently Being ModeratedDec 1, 2010 9:29 AM (in response to jemenake0)No, the port change worked for me, just not someone else who tried it. I think the reason your IP address trick worked and my port number trick worked are one and the same- it forces the Settings app to re-verify the connection to the server, and if SSL is turned on that means verifying the certificate.
I have to ask those for whom these solutions are not working whether they have tried a restore of the phone with a restore of the backup, and then a restore without restoring the backup. The reason I'm asking is because my co-worker had no issues upgrading his iPhone4 with the same settings for our internal mail system as I have. I even created a new certificate for the mail server yesterday and he was able to authorize it within the MobileMail app and have it stick. So this may all be a matter of a bad install of the update, or just some corrupted settings from the older iOS version gumming up the works. I know everyone hates erasing their phone, but that's what AppleCare will tell you to do (or a Family Room Specialist at your local Apple Store).MacBook Pro 1,1; Mac mini 3,1; iPhone 1,1; iPhone 2,1; iPad 1,1
Currently Being ModeratedDec 1, 2010 1:49 PM (in response to Syth)Same issues here, with an iPhone 3G and an iPad/WiFi. Changing the SMTP settings as proposed doesn't work for me, even after a restore (with backup). Doesn't matter whether I am using 3G network or local WiFi...same issue. iPad asks for verification of certificate every time I unlock it (assuming here that the mail process is still running and wasn't terminated from the previous session). Apple needs to patch this ASAP with a "Trust Always" option on the warning dialog.MacBook Pro 15", Mac OS X (10.6.5), 2.4GHz Intel Core 2 Duo/4GB RAM
Currently Being ModeratedDec 1, 2010 5:41 PM (in response to Merged Content 1)Hi,
Thanks jemenake0 for the solution. Entering the IP address worked for me.
I changed the outgoing mail server to the server IP address and also the port from 25 to 1025 as many ISPs block port 25 because of spamming. I've switched my phone off and on several times and its still working for me.MacBook, Mac OS X (10.5.8)
Currently Being ModeratedDec 6, 2010 11:53 PM (in response to sarahuk)If you're using IMAP, simply deleting the accounts on the iPhone and setting them up again (on the iPhone) seems to work to solve the certificate issue. For some reason, if I perform an advanced sync and "Replace Information on this iPhone" the problem comes back.MBP, Mac OS X (10.6.5), iP4