IMAP SSL Certificate Errors

I had the same problem - using a self-signed SSL certificate on a Linux server running courier IMAP. This is how I got it working (some wording may not be exact due to my faulty memory):

1) Enter Mail on iphone
2) Select "Other..." from list of mail providers
3) Enter all account specifics
4) Click 'Save' - I get the invalid certificate error
5) Click "Cancel' - it returns to settings screen
6) Click "Save" again - it says "You may not be able to receive email..."
7) Click "Ok"
8) Display changes to mail window, loads my messages despite the warning.

This was extremely helpful to me. Thanks. Basically it seems the iPhone assumes you want SSL turned on when doing IMAP, and it does not give you a way to turn if off until AFTER you have set up your mail. The advanced settings button does not even show up until AFTER you have the account saved, and every time you try to save it, you get error messages. So your steps below save the day, but I added a couple of more.

1) Enter Mail on iPhone
2) Select Other from the list of mail provider options
3) Enter all the Account specifics, in my case it was IMAP stuf
4) Click Save, and get the invalid certificate message
5) Click "CANCEL", an you get returned to the settings screen
6) Click "SAVE" again, it says, "You may not be able to receive email..."
7) Click OK
8) Now you can go back into the settings, and preso chango, the ADVANCED button now shows up at the bottom of the mail screen.
9) NOW you can go into the advance tab and turn OFF SSL for both sending and receiving mail.

What a pain, but it works.

I've just set up IMAP to a self-signed cert server and it warned about lack of trust but then worked just fine when choosing "continue". What version are you running? my setup's details below:

Server:
IMAP on 993, self signed cert, Windows 2003 w/ Exchange 2003 enterprise, fast imap enabled and show public folders in imap list enabled.

phone:
iPhone v1.1.1

Not sure where you going with that analogy Nathan,

a digital certificate has an issuer, issued by a CA, and a FQDN against which it is issued. therefore you can have a certificate that is issued by an untrusted CA but for the correct FQDN or it can be issued by a trusted CA but against an FQDN different to the server address used by the client to reach the server, or it can be both.

So, the ID has either got your wife's name on it (wrong target name), or it's written in crayons (untrusted issuer), or both; either way the cops are going to stop you.

Going back to the other guy's problem - i'm using an untrusted CA but it's made out to the correct host name, this seems to work fine.

Having similar trouble. It warned me about the certificate possibly being invalid when I added the account on the iPhone and I clicked continue. It now just seems hung on 'validating IMAP account information'.

Cheers

Russell

I'm using a 1.1.2 iPhone (in the UK). The server is on a Linux box, but not sure what exactly (hosted by dataflame.co.uk).

If I sync the account via iTunes, then the iPhone never gets passed the 'checking for new mail' stage. If I set up the account manually on the iPhone, then it warns me about the server but I just click continue, but then it just stays 'validating IMAP information' for ages and never completes this.

Maybe it just doesn't like my server, but Mail.app has no problem with it.

Cheers

Russell

Are you able to log-in with SSL disabled? I still can't.

I also get similar behaviour from Safari on the iPhone if I go to my secure web mail, hosted on the same server. Safari never errors, just sits there not loading the page, with the spinning disc in the status bar.

Cheers

Russell

Viking369,

That would explain the certificate being seen as invalid. It is kind of like if I was to try and use my wife's ID if I was to be stopped speeding. The information on the ID or certificate would not match the circumstances.

Hope this helps,

Nathan C.

Viking369,

Where I am going with that analogy is the certificate is stating it is for one host, but other information indicates its for another. In comparison to my analogy like I was claiming to be me wife, but am most definitely not.

If the certificate is for a different host, it would appear to be an invalid certificate.

Something else i should have noted - my self-signed cert does match the hostname i'm trying to reach. I wonder if the problem is a mismatch of certificate target and dns name..?