14 Replies Latest reply: Dec 21, 2008 6:41 PM by Jostein
felixgash Level 1 Level 1 (0 points)
Hey guys, I'm new here. Hope everybody's well and hopefully somebody can help me!

I've recently bought a domain name and have created a couple of email addresses. I set them up through Mail and they were fine for the last couple days, until now..

I keep getting asked to verify my mail server certificate? I've already clicked "always trust" a fair few times, it prompts me to enter my administrator password and then seems to work. Only recently it's been asking me for this password twice.. as in, I'll enter it, and then it will ask for it agian INSTANTLY, as though I'd entered it wrong or something.

Here's a screenshot of my problem:


It's becoming very frustrating, and everytime I quit Mail and relaunch it asks me to verify the certificate again.

Is this a Leopard problem? Or something to do with my hosts?

Any help is really appreciated.



Macbook, Mac OS X (10.5)
  • felixgash Level 1 Level 1 (0 points)
    Every time I click the "always trust this certificate" tab and enter my password, it's as though it doesn't even register this because it just asks me the same thing (to verify certificate) next time.

    This is really annoying.

    Just tried it now and still the same prob.

    Is this a Leopard problem with accepting private mail server certificates?
  • felixgash Level 1 Level 1 (0 points)
    One more thing..

    I've set up a Gmail account and set it up in Mail, but it NEVER asks me to verify anything with Gmail and just works fine.

    It's just my two private email accounts that have the problem.
  • Computer Arts Level 2 Level 2 (415 points)
    I had been having this problem and this is what I did to solve it.

    Now my fix may be unique to my situation, but you all may be able to use it or at least start from it. My situation, I have several domains hosted at a service and they give me several options for mail servers; I can use my mail.mydomain.com or servers that have my host's name, the login and password is the same for either option.

    If I use my domain then I get the certificate error, the self-signed problem I would think. If I use the host's mail servers then no certificate error.

    I suppose I could look into getting my domain certificates authorized, but for now I am not getting the certificate error message

    PS: I have most of my email accounts set up for IMAP, but what I describe works with POP accounts as well.

    Good luck
  • Jan Riggert Level 3 Level 3 (645 points)
    I have exactly the same problem. Mail just asks me every time!
    It happens since I switched from POP3 to IMAP. But I need IMAP, 'cause I have 2 computers.
  • ArtieD Level 1 Level 1 (0 points)
    click 'Show certificate' then choose from all drop down selects you see 'Trust always' then 'hide certificate' and connect. At this point Mas OS will prompt you with authorizing your choice to trust this certificate always, just fill in your password and confirm. Re-launch Mail and you won't see this warning ever again.
  • Computer Arts Level 2 Level 2 (415 points)
    I have tried that Artie, but the "trust" is not persistent, it keeps asking for it every time I launch email. Well, it doesn't happen after I changed my settings as described above
  • orangekay Level 5 Level 5 (4,085 points)
    Leopard's keychain API included all new methods of specifying user trust settings, which would be great if they worked, but they don't, so they're frequently worthless. If you signed your own certificate then import the CA that you used. If you purchased a certificate from a third party then import any chain certificates they might have provided. Otherwise, you're pretty much at the mercy of the lone QA tester assigned to checking these things for that department. Sometimes nothing works.
  • Jamandmarge Level 1 Level 1 (0 points)
    G'day Felix,

    I had exactly the same problem you describe and I tried all the suggestions given here all without success. I even considered uninstalling Mail the re installing from the start up disc!

    The solution I found was to go to Mail Preferences >Accounts> Advanced and deselect the box 'Use SSL'. You will see that the Port Number changes to, in my case 110. Save the changes.

    I did this and have not been asked again to verify the server certificate!

    I now open Mail and new mail downloads without any trouble.

    Hope this helps

  • billybillyb1975 Level 1 Level 1 (0 points)
    Same thing happened here - was using the domain servers for my email and kept getting the certificate question.

    Did the same as Computer Arts and changed the servers to the hosting services and made sure I changed the outgoing ports to which they specified (465) and so far no questions about certificates.

    Think its really annoying that once you click always trust it just doesnt do a thing. Come on apple sort it out!!!! does this keychain crap actually work for anything!!!!
  • gumsie Level 4 Level 4 (2,150 points)
    Before you actually go blazing Apple just make sure that the server certificates haven't changed.
  • felixgash Level 1 Level 1 (0 points)
    Great stuff, thanks for the reply Jim - and, of course, the rest of you!

    I just don't ever quit Mail, that way it doesnt ask me!

    But I may try some of these suggestions.

  • = Ralph Rieck = Level 1 Level 1 (65 points)
    Jamandmarge wrote:
    The solution I found was to go to Mail Preferences >Accounts> Advanced and deselect the box 'Use SSL'. You will see that the Port Number changes to, in my case 110. Save the changes.

    I did this and have not been asked again to verify the server certificate

    Ehm, yeah, you just changed the connection method - now your authentication process is not encrypted anymore, therefore no certificate is needed. Solving by killing - great idea!
  • JimboRoberts Level 1 Level 1 (70 points)
    Hi all, I have been having the same problem but have worked it out...

    The problem is that Leopard won’t ever trust a certificate (even after clicking the check box) when the server you entered in your account details doesn’t match the server name the certificate is using.

    So to get around it, rather than using the incoming mail server you are using, try the one that shows up in the certificate, it may need some tweaking to what is actually shown, but that should do the job...

    Hope this helps...
  • Jostein Level 1 Level 1 (0 points)
    I had this problem. I solved it by making two separate self-signed certficates on my server. (It used to have only one.) Then I assigned one vertificate to SSL for SMTP and one to SSL IMAP/POP.

    Mail.app now remembers to trust these certificates now, simply by clicking "Always Trust" (whatever it was) as one expects one should. Once when first receiving email, and then one more time for sending email (for the SMTP).

    My Mail.app is configured to send and reveice through the same server but receive from mail.myserver.com and send to smtp.myserver.com.

    It doesn't seem to matter what I called the certficates. I just names them "MyCompany Mail" and "MyCompany SMTP", and assigned them to POP/IMAP and SMTP.

    It actually made sense that Mail.app would forget my trust setting for the certificate for mail.mycompany.com when I later trusted the same certificate for smtp.mycompany.com.

    Maybe this helps some of you!