You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

đź’ˇ Did you know?

⏺ If you can't accept iCloud Terms and Conditions... Learn more >

⏺ If you don't see your iCloud notes in the Notes app... Learn more >

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

Profiles, Certificates, Mail, and SSL

Strictly speaking, I have an iPod Touch 32G with iPhone software 2.2 (5G77a) for this problem. Expect my problem is exactly the same as for an iPhone.

iTunes synced my email account information just fine for a work POP3 account, work Exchange account, and gmail via IMAP. But not for my personal FreeBSD-hosted IMAP account which uses Dovecot and a self-signed certificate generated with the script provided in Dovecot.

Have been using this configuration for years with Mail.app. Every year I generate a new certificate and prior to MacOS 10.5 used to move it into "X509 Anchors" or some similarly named place with Keychain Access.app.

First problem resolved was my FreeBSD machine was named "opus.local" in my DNS. Tcpdump showed the iPod was trying to find it via mDNS. Reconfigured my internal DNS server to use .home rather than .local. Had to make new certificate for Dovecot and reconfigure Mail.app on my Mac Pro.

Now dovecot complains to FreeBSD's /var/log/maillog that the iPod connected via TLS but "Aborted login (no auth attempts)". The iPod says "Cannot Get Mail: The connection to the server "opus.home" failed." Tcpdump shows dovecot sending the certificate. The console in iPhone Configuration Utility only says:
Wed Dec 24 21:55:18 unknown MobileMail[37] <Warning>: ERROR: The connection to the server "opus.home" failed.

So after much study I have created a profile and "Shared" it using iPhone Configuration Utility version 1.1. Put my .cer in Credentials, emailed it to a working account, then the iPod complained about not having a Mail profile and rejected the whole thing.

Made a profile including mail with IMAP via SSL on port 143. iPod installed this one. Didn't work. Viewing the profile on the iPod showed port 993 was selected, not 143, and being a profile it was locked against change.

Tried emailing the .cer file only. That succeeded in installing a certificate after deleting the previous profile. The iPod created a profile which only has my certificate, but is still not communicating with dovecot on opus.home.

Watching the communication with tcpdump the two exchange a good number of small packets before the iPod gives up.

My self-signed certificate is RSA with a 128 byte public key (1024 bits).

What am I doing wrong?

Message was edited by: David Kelly1

Mac Pro quad 2.66, Mac OS X (10.5.6)

Posted on Dec 24, 2008 8:16 PM

Reply
1 reply

Dec 24, 2008 8:42 PM in response to David Kelly1

Worked on this for weeks before posting. So after posting the above I disabled SSL on the mail account on the iPod. Enabled "PLAIN" authentication in Dovecot for non-encrypted sessions. And was able to download email.

Then I went back and re-enabled SSL. Checked email and finally got the message about the certificate possibly not secure (its self-signed).

Disabled the non-encrypted PLAIN in Dovecot, and everything still works!

There is something about iPhone 2.2 software that doesn't work with a self-signed certificate until after some traffic has moved through the account.

Profiles, Certificates, Mail, and SSL

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.