
Profiles, Certificates, Mail, and SSL

Strictly speaking, I have an iPod Touch 32G with iPhone software 2.2 (5G77a) for this problem. Expect my problem is exactly the same as for an iPhone.

iTunes synced my email account information just fine for a work POP3 account, work Exchange account, and gmail via IMAP. But not for my personal FreeBSD-hosted IMAP account which uses Dovecot and a self-signed certificate generated with the script provided in Dovecot.

Have been using this configuration for years with Mail.app. Every year I generate a new certificate and prior to MacOS 10.5 used to move it into "X509 Anchors" or some similarly named place with Keychain Access.app.

First problem resolved was my FreeBSD machine was named "opus.local" in my DNS. Tcpdump showed the iPod was trying to find it via mDNS. Reconfigured my internal DNS server to use .home rather than .local. Had to make new certificate for Dovecot and reconfigure Mail.app on my Mac Pro.

Now dovecot complains to FreeBSD's /var/log/maillog that the iPod connected via TLS but "Aborted login (no auth attempts)". The iPod says "Cannot Get Mail: The connection to the server "opus.home" failed." Tcpdump shows dovecot sending the certificate. The console in iPhone Configuration Utility only says:
Wed Dec 24 21:55:18 unknown MobileMail[37] <Warning>: ERROR: The connection to the server "opus.home" failed.

So after much study I have created a profile and "Shared" it using iPhone Configuration Utility version 1.1. Put my .cer in Credentials, emailed it to a working account, then the iPod complained about not having a Mail profile and rejected the whole thing.

Made a profile including mail with IMAP via SSL on port 143. iPod installed this one. Didn't work. Viewing the profile on the iPod showed port 993 was selected, not 143, and being a profile it was locked against change.

Tried emailing the .cer file only. That succeeded in installing a certificate after deleting the previous profile. The iPod created a profile which only has my certificate, but is still not communicating with dovecot on opus.home.

Watching the communication with tcpdump the two exchange a good number of small packets before the iPod gives up.

My self-signed certificate is RSA with a 128 byte public key (1024 bits).

What am I doing wrong?

Message was edited by: David Kelly1

Mac Pro quad 2.66, Mac OS X (10.5.6)

Posted on Dec 24, 2008 8:16 PM


Dec 24, 2008 8:42 PM in response to David Kelly1

Worked on this for weeks before posting. So after posting the above I disabled SSL on the mail account on the iPod. Enabled "PLAIN" authentication in Dovecot for non-encrypted sessions. And was able to download email.

Then I went back and re-enabled SSL. Checked email and finally got the message about the certificate possibly not secure (it's self-signed).

Disabled the non-encrypted PLAIN in Dovecot, and everything still works!

There is something about iPhone 2.2 software that doesn't work with a self-signed certificate until after some traffic has moved through the account.
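
Added example (not part of the original posts, and not the script shipped with Dovecot): the first post notes that renaming the server from opus.local to opus.home meant making a new certificate. This script generates a self-signed certificate for a host name with the openssl command line, writes the DER .cer copy, and checks which names the certificate is valid for; the file names, the 2048-bit key and the one-year lifetime are assumptions.

```shell
#!/bin/sh
# Added example: file names, key size and lifetime are assumptions,
# not the certificate script from the post.

# make_cert HOST DIR: write key.pem, cert.pem (PEM) and cert.cer (DER) for HOST.
make_cert() {
    host=$1 dir=$2
    # 2048-bit RSA, one year, host name in both CN and subjectAltName.
    # -addext needs OpenSSL 1.1.1 or later.
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=$host" -addext "subjectAltName=DNS:$host" \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" 2>/dev/null || return 1
    chmod 600 "$dir/key.pem"
    # DER copy: the .cer form that is handed to a client to trust.
    openssl x509 -in "$dir/cert.pem" -outform DER -out "$dir/cert.cer"
}

# cert_matches HOST CERT: succeed only if CERT is valid for HOST.
cert_matches() {
    openssl x509 -in "$2" -noout -checkhost "$1" |
        grep -q "^Hostname $1 does match certificate"
}

# key_bits CERT: print the public key size in bits.
key_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

main() {
    tmp=$(mktemp -d) || return 1
    make_cert opus.home "$tmp" || return 1
    # The old .local name no longer matches a certificate issued for .home.
    for name in opus.home opus.local; do
        if cert_matches "$name" "$tmp/cert.pem"; then
            echo "$name: certificate matches"
        else
            echo "$name: certificate does NOT match"
        fi
    done
    echo "key size: $(key_bits "$tmp/cert.pem") bits"
    rm -rf "$tmp"
}

main
```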
