Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

Local, self-signed cert for SSL IMAP on Tiger?

I have a co-located Xserve running Server 10.4.11 (Up time: 380 days!) with IMAP, where I have admin access to install SSL certificates, but I don't quite have the justification to purchase one from a CA.

I also have several Mac computers where I read my email via IMAP with SSL encryption, and I was wondering if there is any way that I could install a self-signed certificate on my local computers that matches my Xserve and would be sufficient to make Mail.app stop complaining about my server.

I've been searching the web for tutorials on SSL, thinking that there must be some kind of provision within SSL where I could just set up all machines to be aware of a self-signed certificate in a protected file somewhere on each computer, and I assume that it should be possible to make SSL happy to talk between my own computers. But it seems that most SSL tutorials focus on https, not IMAP or other non-web networking connections. Also, I have a sinking feeling that if I did find information, then it might not be appropriate for the exact directory structure of Tiger. If anyone can help or provide pointers, it would be most appreciated.

P.S. I could potentially used a "free" signed certificate, but it is attached to a virtual domain that I am hosting on my Xserve, and I assume that it wouldn't match the domain of my email unless I juggle things around. Also, that free cert would eventually expire, and then I'll be back to the current situation of needing to use a self-signed cert.

Power Mac G5 Quad, Mac OS X (10.4.11), 14 GB RAM, 3-tier NetInfo

Posted on Jan 26, 2011 2:58 PM

Reply
2 replies

Jan 26, 2011 11:03 PM in response to rsdio

Never mind. I figured it out.

First of all, my Xserve certificate did not have the full FQDN, just a convenient subset. I created another self-signed cert with the true FQDN. I saw some hints around the web saying that Mail.app will always complain if the DN does not match.

Second, it turns out that Keychain Access is where the local certs live, and in Tiger I needed to drag the cert to my Desktop, open it, and store it in the x509 section.

All is good. Now to see how my iPhone likes the new certs...

Local, self-signed cert for SSL IMAP on Tiger?

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.