No, this isn’t the unofficial Leopard blog… but Leopard is out today and I’m finally free to talk about it fully.
A lot of people use cPanel. It’s a great front-end for managing web servers. And, it offers a lot of services quickly and easily. One of the things it offers is email with SSL support. But, not everyone goes out to get an SSL certificate for their server just because. Some of my servers do, some don’t… I’d tell you which, but I really don’t want you trying to spoof your way into my network.
In Tiger, Mail just let you off with a once-per-launch warning that the SSL certificate couldn’t be verified. And in Leopard, it still does that for reading email.
Not so for sending however. You get a notice that the SSL certificate couldn’t be verified, and you can’t send the email. Thanks Apple, no way to get around it… except of course to turn SSL off and have all my emails go out in the clear. Specifically, the error will read: “The certificate for this server was signed by an unknown certifying authority.”
Hopefully Apple will have this fixed by Macworld Expo… while I have a WWAN card, a lot of people will be trying whatever hotspot is open… and open to tapping into their email.
There’s a trivial workaround to this problem. When the certificate dialog comes up, click on ‘Show Certificate’, then the triangle next to ‘Trust’, then change ‘When using this certificate:’ to ‘Always Trust’. Once that’s done, SSL problems are solved – at least, in my experience.
Good point, Tiger wouldn’t let me do that on my unsigned SSLs… I tried. Looks like Leopard opened up a fix to it by letting you trust them fully.
Unfortunately, it looks like the feature isn’t sticking. Even when the certificate is set to always trust… Mail pesters about it on the next launch, and so you constantly have to tell the certificate to always trust on each launch.
Again, this is on Leopard, so past experiences have different results…
I’m having this exact same problem. Clicking the always trust doesn’t stick at all. I even tried resetting my Keychain because of a problem with Cyberduck. Nothing works. I’m so sick of putting in my password 100 times a day. I really wish Apple would address this more quickly. Mail is an every day irritation now when it used to work so smoothly with Tiger. I’m so frustrated that I’m thinking of switching to Thunderbird or something. I really used to love the Mail program. Now it’s become my tormentor.
To add insult to injury, I have about 10 e-mail accounts on the same server. The certificate works for some URLs but not for others. Same certificate. Same server.
Don’t bother switching to Thunderbird. It does the same thing and there doesn’t appear to be a work around. Not even a fake one like Mail offers (and doesn’t stick).
This is still happening for me (Leopard, automatic updates on, 10.5.4)… it seems to me this is a blatant defect that should have been addressed long ago… have I missed something?
Apple appears to be doing this by design. They seem to want to “encourage” everyone to get signed SSL certificates. I’m sure that the motivation is to enhance the security of the web, but for many it’s a needless expense… depending on the application, of course.
Well yes… it is annoying of them though, it seems like a bug really as the user is given the choice to always trust it, and then the application ignores that… so you may be right, but it looks like a bug and feels like a bug… I think it is fair to call it a bug 🙂
What’s up Mike, Chris, Jason, Dan, and Nick,
I finally found a solution. The problem is the certificate’s server name doesn’t match the server name in mail. OS X 10.5 will (intentionally) never save a certificate when these two things don’t match (regardless of “Always trust” checkbox). More info is on my blog where i wrote a little guide to fixing this problem (click my name above for direct link to article) or go to corewerkz.com and search for “verify certificate.”
Excellent! Thanks for that, worked for me!
Am now hoping to get iChat working in the same way if poss…
SWEET! Glad I could help… interested if the solution works for ichat, i’m guessing it would.
Take Care,
Brian
Hi All,
Just wanted to let any of you who have been having loads of trouble with this: I have found a solution that has solved ALL of my problems:
http://www.corewerkz.com/2008/08/26/how-to-fix-the-ssl-verify-certificate-issue-in-leopard-mail/#comment-409
Cheers!