IdolHands.com :: Days in the Life of an Alpha Geek
Self-Signed SSL Certificates in Apple Mail
LazyWeb call to action: someone needs to invent a term for the creation of a blog entry as an act of goodwill and permanent record, following on an arduous and unfruitful Google crusade to find the answer to a tricky and obscure technical problem. (See why that needs a buzzword?)
The background:
My house radiates WiFi like nobody's business, we're all laptopish, and I'm fairly paranoid. I hated the idea of checking mail over an unsecured connection, even with the (questionable) protection that a secured WiFi network brings. My hosting provider offered a self-signed SSL certificate option, so I started using that about a year ago.
The problem:
Every time I launch Mail, I get a dialog box for each of half a dozen accounts stating "Unable to verify SSL server pop.idolhands.com". That's really, really annoying.
The sarcasm:
Thanks, Apple, for naming your mail client "Mail". That makes a Google search really, really easy.
The solution:
Click on "Show Certificate" in the "Unable to verify SSL server..." dialog box. A new pane will appear containing more information about the certificate.
Option-click-drag the certificate icon in the certificate pane to the desktop. You'll end up with a file named whatever.server.com.pem
Double-click the .pem file. It will open in Keychain Manager, and a dialog box will open asking you if you want to add the certificate to a keychain.
Important: select "X509Anchors", not your account keychain, from the Keychain drop-down.
Click OK. You will be prompted for an admin password.
Note to Apple: while accepting self-signed certificates without a warning would be a Stupid Thing, and arbitrarily allowing users to permanently trust these certificates would be a Bad Thing, reading a stern warning and providing an admin password authorization should be the Only Thing that one has to do in order to trust a self-signed certificate. This obscure, non-inuitive 5-step approach stinks of security through obscurity.
