OS X - Trust Certificate

by Inka Luoma last modified Mar 26, 2015 04:18 PM

This document shows how to trust a certificate for email when prompted by OS X. Take care in understanding what organization has issued the certificate and what organization uses the certificate. Phone OlympusNet if you have concerns about the authenticity of the *.megamailservers.com or *.userservices.net certificates.

For many years we've named our mail servers mail.olympus.net. Our mail servers are now run by userservices.net for our olympus.net email and megamailservers.com for our example.com domain email. The certificate or identity error is caused by using the mail server mail.olympus.net for janedoe@olympus.net instead of mail.userservices.net or mail.example.com for sally@example.com instead of mailc11.megamailservers.com.

If you set up your janedoe@olympus.net mail server as mail.userservices.net or your sally@example.com mail server as mailc11.megamailservers.com you will not get certificate or identity errors. Domains must not use mailc11.megamailservers.com until after the 2015 domain migration. Using this document to establish the trust settings for the certificate is preferred to changing the mail server names.

The identify error for mail.example.com appears as:mail.example.comCertError

The remainder of this document shows how to accept or trust the certificate for mail.olympus.net. The same procedure should be used for mail.example.com.

In the identify error example for janedoe@olympus.net that follows, the issuer is GO DADDY and the user is userservices.net.

  1. When you open email or try to send email, you will get the Certificate warning shown in the screenshot. Click on Show Certficiate outlined in red.
    showCertificate.jpg
  2. After opening the Certificate by clicking on Show Certificate, look for Trust (outlined in red in the screenshot below). Click on the horizontal triangle beside Trust.
    openTrust.jpg
  3. Click on the fields beside the 3 action items shown in the screenshot below outlined in red, and click on Always Trust to select it in each field. See step 4 before clicking Connect.
    alwaysTrust.jpg
  4. When you click on the Connect button outlined in the screenshot above, you will be prompted for your Macintosh account password (not the email account password). You may not have set a computer password when you set up your computer. If that's the case, just leave the Password field blank and select Update Settings.  Name will show the name you used when setting up your Mac for the first time. Click Update Settings when you are done. You may be prompted for your email password one time, the next time you open mail or send an email.
    compPassword.jpg

 

Non-supported Apple Computers

  1. Note that out of date computers, 10.4 or Tiger for instance, no longer work using SSL and also will not permanently resolve the Certificate trust.  Users of outdated computers will have to simply click the Connect button seen initially, every time they use email. Email is not transmitted securely if SSL is turned off.

Firefox greyed out Permanently store this exception greyed out

  1. When visiting a site or internal Intranet site with an untrusted certificate you keep getting asked if you want to trust the certificate and the Permanently store this exception greyed out is greyed out. Just turn history back on, trust the certificate and store, then turn history off again.