Where do you get Certificates of Authority

iGreg

Version: 2008
Operating System: Mac OS X 10.5 (Leopard)
Processor: Intel
Email Client: imap

I am unable to send Secure email via IMAP .Mac email account because it says I need a Certificate of Authority. I see a lot of instructions here on how to install them, but nothing about where I get such a certificate. Where do I get one?

BTW. Why is it I can get email over secure SSL, but not send?
 
William Smith [MVP]

> I am unable to send Secure email via IMAP .Mac email account because
> it says I need a Certificate of Authority. I see a lot of instructions
> here on how to install them, but nothing about where I get such a
> certificate. Where do I get one?
>
> BTW. Why is it I can get email over secure SSL, but not send?

You do not need to download and install any certificates for Apple's
MobileMe service, but you may need to update your Mac OS to get the
latest root certificates installed. Select Apple menu --> Software Update...

What are your settings in your MobileMe account?

For Receiving Mail:

Server: mail.me.com
Select: This IMAP service requires a secure connection (SSL)
Do not select: Override default IMAP port
Do not select: Always use secure password

For Sending Mail:

Server: smtp.me.com
Select: SMTP service requires a secure connection
Select: Override default SMTP port (587)
Select: SMTP server requires authentication
Select: Use same settings as receiving mail server

Also, see this article on Apple's website:
<http://support.apple.com/kb/HT2082>

--

bill

Entourage Help Page <http://entourage.mvps.org/>
Entourage Help Blog <http://blog.entourage.mvps.org/>
YouTalk <http://nine.pairlist.net/mailman/listinfo/youtalk>
Twitter: follow <http://twitter.com/meck>
 
iGreg

The only thing different I have is I do not have the "me.com" listed, but the "mac.com" instead listed.

I am fully up to date with my OS. Are you saying then I have the certificate but it is not configured right? If so what is its name?
 
William Smith [MVP]

> The only thing different I have is I do not have the "me.com" listed,
> but the "mac.com" instead listed.
>
> I am fully up to date with my OS. Are you saying then I have the
> certificate but it is not configured right? If so what is its name?

.Mac changed to MobileMe last summer and while the mac.com E-mail
addresses are still valid, the servers are now:

receiving: mail.me.com
sending: smtp.me.com

Apple has probably not updated the certificates for the mac.com server
addresses, which is why you're probably seeing the error messages.

Update your server addresses to the me.com servers and I'd imagine the
problem will go away. Be aware that changing server addresses will purge
your current set of messages and then download them again. This is
normal. Just in case, be sure to back up this folder within your home
folder:

Documents/Microsoft User Data

Hope this helps!

--

bill
 
iGreg

What is the name of the certificate in Keychain Access and where in Keychain Access is it, in Login, Microsoft Intermediate Certificates, System, or System Roots?

I may have confused things by creating my own certificate earlier to try to fix it.
 
William Smith [MVP]

> What is the name of the certificate in Keychain Access and where in
> Keychain Access is it, in Login, Microsoft Intermediate Certificates,
> System, or System Roots?
>
> I may have confused things by creating my own certificate earlier to
> try to fix it.

The .Mac and MobileMe certificates are not in your keychain. These are
provided from the server to your computer when you connect.

When your computer is presented a certificate it then consults with the
certificate authority (CA) server that's listed in the certificate. If
your computer trusts the certificate authority then it will trust the
certificate.

Apple includes several Verisign certificates in your System Roots
keychain. Your Mac trusts these because Apple placed them there.

So, the process is that you connect to your MobileMe account and the
MobileMe server presents its certificate to your computer. Your computer
says, "I'm not sure that I trust you. I'll ask someone that I do trust
to verify you are who you say you are." The MobileMe certificate says,
"You can go ask Verisign." Because you have the Verisign certificates
pre-installed in your System Roots keychain, you trust Verisign.
Therefore, when your computer asks Verisign if the MobileMe certificate
is valid and it says "Yes" then you trust that the server you've
connected to is indeed MobileMe.

Creating your own certificate shouldn't affect anything. It should
neither hurt nor help.

Hope this helps!

--

bill
 
iGreg

> So, the process is that you connect to your MobileMe account and the
> MobileMe server presents its certificate to your computer. Your computer
> says, "I'm not sure that I trust you. I'll ask someone that I do trust
> to verify you are who you say you are." The MobileMe certificate says,
> "You can go ask Verisign." Because you have the Verisign certificates
> pre-installed in your System Roots keychain, you trust Verisign.
> Therefore, when your computer asks Verisign if the MobileMe certificate
> is valid and it says "Yes" then you trust that the server you've
> connected to is indeed MobileMe.
>
> Creating your own certificate shouldn't affect anything. It should
> neither hurt nor help.
>
> Hope this helps!

Never mind, I am totally lost.

I read all kinds of stuff on how to create your own certificates, and now I am told it neither helps nor hurts. The whole certificate thing has become convoluted gibberish to me.

So, I am dropping the whole issue.
 
William Smith [MVP]

> Never mind, I am totally lost.
>
> I read all kinds of stuff on how to create your own certificates, and
> now I am told it neither helps nor hurts. The whole certificate thing
> has become convoluted gibberish to me.
>
> So, I am dropping the whole issue.

Sorry you're frustrated. Certificates can be confusing, especially
because you don't see what happens behind the scenes.

Did you try changing your server addresses as I originally suggested? I
suspect that is all you really need to do.

--

bill
 
iGreg

Yes, the change to me.com seems to work. Thanks.

How, or why, it works I have no idea. The whole Certificates of Authority thing is certainly not user-friendly.
 
William Smith [MVP]

> Yes, the change to me.com seems to work. Thanks.
>
> How, or why, it works I have no idea. The whole Certificates of
> Authority thing is certainly not user-friendly.

Maybe this will help you understand them a little.

Parents tell their children never to talk to strangers and never to take
rides from strangers.

However, some parents plan ahead for emergencies. They give their
children a code word. Only the parents and the children know this code word.

Assume that a sibling has had an accident and is in the hospital. Both
parents are at the hospital and need a co-worker to pick up their other
child from school. The child does not know this co-worker.

The co-worker approaches the child and says, "I work with your mother.
She asked me to pick you up and take you home." The child asks, "What's
the code word?" The co-worker says the code word to the child. That's
like presenting a certificate.

The child knows that only his mother and father know the code word. They
are like a certificate authority.

Because the child trusts his parents and trusts that they would not give
out the code word except in an emergency, he then immediately trusts the
co-worker.

That's essentially what happens every time Entourage logs in to MobileMe
whenever secure connections are enabled.

This is also why creating your own certificate (creating your own code
word) won't work.

Sorry for being persistent but I hate seeing folks get confused. If I'm
still failing just say so and I'll stop. :)

Hope this helps!

--

bill
 
iGreg

I understand the principle. It is the mechanism and procedure that are confusing and contradictory. Self-made certificates do not work, but they provide a mechanism to allow one to make certificates.

Any way you look at it they could have made it more user-friendly.
 
Steve Thompson

> Version: 2008
> Operating System: Mac OS X 10.5 (Leopard)
> Processor: Intel
> Email Client: imap
>
> I am unable to send Secure email via IMAP .Mac email account because it
> says I need a Certificate of Authority. I see a lot of instructions here
> on how to install them, but nothing about where I get such a certificate.
> Where do I get one?
>
> BTW. Why is it I can get email over secure SSL, but not send?

You can get a free certificate here: http://www.thawte.com/

--
Sincerely,

Steve Thompson
A proud 24" iMac user since 2007 (Leopard 10.5.6)
2.4GHz Intel Core 2 Duo, 4GB 667 MHz DDR2 SDRAM
 
iGreg

I am now getting the following error message when I send something:

"Unable to establish a secure connection to smtp.me.com because a certificate on the server's certificate chain has expired or is not yet valid. Please check that your computer's clock is set to the correct time.

If you continue, the information you view and send will be encrypted, but will not be secure."
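
The two failures reported in this thread, the mac.com server name being rejected and the later "expired or is not yet valid" message, can be reproduced as two checks on the certificate a server presents. The following is an added example, not part of the original thread: it applies those checks to a certificate in the dictionary form returned by Python's `ssl.SSLSocket.getpeercert()`. The certificate names and dates are constructed, and `smtp.mac.com` is an assumed name for the old server.

```python
import ssl
from datetime import datetime, timezone

# Constructed sample in the shape of ssl.SSLSocket.getpeercert();
# the names and dates are illustrative, not Apple's real certificate.
SAMPLE_CERT = {
    "subjectAltName": (("DNS", "smtp.me.com"), ("DNS", "mail.me.com")),
    "notBefore": "Jun  1 00:00:00 2008 GMT",
    "notAfter": "Jun  1 00:00:00 2010 GMT",
}


def name_matches(pattern, host):
    """Compare one certificate DNS name with the configured server name.
    A leading '*' stands for exactly one label (never a whole domain)."""
    p = pattern.lower().split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def diagnose(cert, host, now):
    """Return the problems a client would report for this certificate."""
    problems = []
    names = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not any(name_matches(n, host) for n in names):
        problems.append("name-mismatch")
    t = now.timestamp()
    if t < ssl.cert_time_to_seconds(cert["notBefore"]):
        problems.append("not-yet-valid")  # typical of a clock set in the past
    if t > ssl.cert_time_to_seconds(cert["notAfter"]):
        problems.append("expired")
    return problems


if __name__ == "__main__":
    utc = timezone.utc
    cases = [
        ("smtp.me.com", datetime(2009, 3, 1, tzinfo=utc)),
        ("smtp.mac.com", datetime(2009, 3, 1, tzinfo=utc)),  # assumed old name
        ("smtp.me.com", datetime(2001, 1, 1, tzinfo=utc)),   # clock reset
        ("smtp.me.com", datetime(2011, 1, 1, tzinfo=utc)),
    ]
    for host, when in cases:
        print(host, when.date(), diagnose(SAMPLE_CERT, host, when) or "ok")
```

The `now` argument stands in for the computer's clock, which is why the error message asks you to check that the clock is set correctly.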
 