Root Certificates?????

Steve

I'm new to Macs, and have installed Office. I'm trying to set up my e-mail in
Entourage, but I'm getting an error message "Unable to establish
secure connection because correct root certificate not installed "

I have no idea what this means, can anyone shed some light on what I need
to do?

Steve
 
Walt Basil

> I'm new to Macs, and have installed Office. I'm trying to set up my e-mail in
> Entourage, but I'm getting an error message "Unable to establish
> secure connection because correct root certificate not installed "
>
> I have no idea what this means, can anyone shed some light on what I need
> to do?
>
> Steve

You will see that error when you have SSL authentication set up in your
account settings when your server doesn't really have it. Go to Tools >
Accounts, click on your e-mail account and select Edit. Click on "Click
here for advanced receiving options" and make sure "This POP service requires
a secure connection (SSL)" is not checked. Do the same thing for "Click here
for advanced sending options". If you need secure sending, check the "SMTP
server requires authentication". Check the "Use same settings as receiving
mail server" option unless you know you have a different password for your
SMTP.

--
Walt Basil
www.basilweb.net

My Office site:
<http://www.basilweb.net/macoffice/office.html>

You can email me at (firstname)AT(lastname)web.net
 
Chris Ridd

> You will see that error when you have SSL authentication set up in your
> account settings when your server doesn't really have it. Go to Tools >

That's possible, though I suspect you'd get a rather different error back if
that were the case.

I suspect instead that the server *is* using SSL, but the certificate it is
sending Entourage to prove that it is the correct server is signed by a
system that Entourage doesn't yet trust.

--- Aside ---
The way certificates work is this (warning - simplifications ahead): the SSL
server has a key, which is split into a public part and a private part. The
public part can be given to other people as it is mathematically infeasible
to work out what the private part is even if you know the public part.

The public part is digitally signed by another system, which also has a
public and private key. The SSL server's public key is signed by the other
system's private key. This system's public key is also digitally signed by a
third system's private key. And so on.

A signed public key is called a certificate.

A system will only sign a public key if it trusts the owner of that key.
This sometimes involves money.

Obviously this chain (A is signed by B, B is signed by C, ...) can't go on
for ever, so the last public key in the chain of certificates is signed by
its own private key, and is called in the lingo "self-signed". This is a
so-called root certificate.

A chain can be just a single self-signed certificate, but they usually
contain at least two certificates.

Root certificates are often owned by organizations called Certificate
Authorities or CAs. You may have heard of some commercial ones like Verisign
and Thawte.

SSL servers aren't the only things that can have public and private keys -
users can have them too and Entourage 2004 can now use user keys to
digitally sign and encrypt email.
--- Aside ---

So in order for Entourage to verify the SSL connection, it has to verify
each step of the certificate chain. What seems to be happening is that one
step of the chain leads to an unknown certificate, which means that the
entire chain is untrustworthy.

The solution - but only if you trust the server and want to receive email
:) - is to obtain the untrusted root certificate your server's sending you,
and add it to your Mac's list of trusted root certificates.

I don't know how you'd obtain the certificate, but it might be downloadable
from your provider's support web site. If it isn't, they ought to be able to
email it to you. (Yes, that might be tricky if you can't read email...)

Once you've got the certificate, you need to import it to the keychain
"/System/Library/Keychains/X509Anchors" (which is your Mac's list of trusted
root certificates) using /Applications/Utilities/Keychain Access.

Cheers,

Chris
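
The chain check described in the post above, as an added example that is not part of the original thread: it builds a throwaway root and a server certificate with the `openssl` command-line tool, then verifies the server certificate against a trust list before and after the root is added to it. The CA names, `mail.example.test` and the file names are made up for the demo.

```shell
#!/bin/sh
# Constructed demo: the CA names and mail.example.test are made up.
# Assumes the openssl command-line tool is installed.
work=$(mktemp -d)

new_root() {  # $1 = file prefix, $2 = name; a root is signed by its own key
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2" \
    -keyout "$work/$1.key" -out "$work/$1.pem" 2>/dev/null
}

build_chain() {
  new_root root "Demo Root CA" || return 1
  # Stand-in for the roots the mail client already trusts.
  new_root other "Other Root CA" || return 1
  # Server key pair and signing request; the root then signs the public key.
  openssl req -newkey rsa:2048 -nodes -subj "/CN=mail.example.test" \
    -keyout "$work/server.key" -out "$work/server.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$work/server.csr" -CA "$work/root.pem" \
    -CAkey "$work/root.key" -CAcreateserial -days 30 \
    -out "$work/server.pem" 2>/dev/null
}

# True when subject and issuer names match, as they do on a root.
is_self_issued() {
  [ "$(openssl x509 -noout -subject_hash -in "$1")" = \
    "$(openssl x509 -noout -issuer_hash -in "$1")" ]
}

# True only if the server certificate chains to a root in trust list $1.
trusted_by() {
  openssl verify -CAfile "$1" "$work/server.pem" 2>&1 | grep -q ': OK$'
}

build_chain || { echo "openssl failed" >&2; exit 1; }
is_self_issued "$work/root.pem" && echo "root.pem: self-issued"
trusted_by "$work/other.pem" || echo "before: chain ends at an unknown root"
# Adding the server's root to the trust list is the fix described above.
cat "$work/other.pem" "$work/root.pem" > "$work/anchors.pem"
trusted_by "$work/anchors.pem" && echo "after: chain verifies"
```

The first check fails because the only root in the trust list did not sign the server certificate; nothing about the server certificate changes between the two checks, only the list of trusted roots.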
 
Guest

Thanks Walt - that solved my problem, and thanks Chris - I understand it
now!

Great help, I appreciate it.

Steve
 