Sonntag, 3. Mai 2009

iPhone / iPod Touch with self-signed SSL certificate for IMAP

So first of all it a little bit tricky to use self-signed SSL certificate on the iPhone / iPod Touch.

When you try to install an IMAP Account with a self-signed SSL certificate you will get the message that this self-signed SSL certificate is not valide.

To get this work simple follow this steps:

1.) Remove first the old created IMAP Account with display the Error from iPhone / iPod Touch.
Restart your iPhone / iPod Touch, when you don't save your IMAP Account on your iPhone / iPod Touch yet, you can skip this Part.

2.) Rename your "imap-ssl.cert" to "imap-ssl.crt" and uploaded it to an webpage so that you can access them over an url. (Alternative you can send it to an email address which is already working on your iPhone / iPod Touch)

When you have uploaded the Imap SSL certificate simple open Safari and enter the URL to it for e.g: http://example.org/imap-ssl.crt

The iPhone / iPod Touch will asked you if you wan't to add this certificat, please click here on yes.

The Code you need to enter after this is your "iPhone / iPod Touch" Secruity Code not your PIN from your handy card.

3.) After this, simple create the IMAP Account again and make sure that your Email Addressname and the SSL hostname match with the Common Name (CN).

For e.g:
dummy@example.org matchCommon Name (CN) example.org
dummy@example.org match NOTCommon Name (CN) mail.example.org
dummy@sub.example.org match NOT
Common Name (CN) example.org

When you go under Settings => General => Profil you should see your profile and the
Common Name (CN).

4.) Have fun with your iPhone / iPod Touch and your self-signed SSL certificate for IMAP.

1 Kommentar:

  1. Thanks for the post.. works great.

    Additional note: If it cannot make SSL connection on port 993 AND a SMTP connection on port 25.. it will *not* associate the certificate with the account.

    So, if you are running on non-standard ports (which I was) it will not use the cert.

    After account creation you can change ports and it will retain the cert association with the account.

    AntwortenLöschen