Apple Mail doesn’t trust security certificate

Shared hosting customers using Apple Mail have repeatedly reported issues with SSL certificates not being trusted.

In most cases the first time Apple Mail connects to your ENOISE mailbox it will show a dialog box saying that the identity of your mail server can not be identified.

Apple Mail will prompt you to verify the server certificate when it first connects to a new mail server.

Click on the “Show Certificate” button to see the details. Here you can see that the problem is that the certificated was issues for *.extendcp.co.uk and Apple Mail complains that it doesn’t match you mail server’s name (ie: mail.yourdomain.com).

Apple Mail complains about a server name mismatch.

In this case this is ok because your mail server runs on a shared hosting platform, and SSL certificates are also shared. This means that all domains on a given server can connect via SSL using the same certificate (*.extendcp.co.uk).

Make sure you select the checkbox labeled Always trust "*.extendcp.co.uk" when connecting to "mail.yourdomain.com". This way we can tell Apple Mail that it is safe to trust this certificate.

You will be prompted for admin credentials (this is your OS X account, the user/password combination you use to log into your computer, nothing to do with the mailbox or hosting).

OS X asking for credentials in order to make changes to key chain

If you dismissed the dialog above when first connecting to your mailbox Apple Mail won’t ask you again, but you can always use OS X’s “Keychain Access” program to fix this. “Keychain Access” can be found in “Applications” > “Utilities”.

In the top right corner of the “Keychain Access” interface (see below) you can search for “extendcp.co.uk” to filter certificates by name and you will hopefully see the certificate appear in the main list. To make sure Apple Mail prompts you to verify the certificate again when you next connect simply select the certificate from the list and delete it by pressing the “back space” key or “Ctrl + Click” on the certificate and select “Delete” from the context menu.

OS X’s Keychain Access