Mac Doesn't like my Godaddy SSL Certificate

[ptireland]

I recently installed a new email server for our company. I went through the process to get a valid certificate and I added it to our mail server. All of the PCs work fine, but the Mac's have a problem with the certificate.

Perhaps they don't recognize godaddy as a valid certificate authority? I'm not sure.

All I know is I've got a lot of Mac Users and when they try to use IMAP email and do password authentication over SSL they get some kind of error saying they need to do something with a root certificate.

I'm not really strong with Macs, so I could use any help you can offer.

We've got people using Mac OS 10.3, 10.4, and 10.5.

I think I may have figured out what to do with 10.5. I went to our webmail with safari and then exported the certificate to the desktop. Then I dragged it onto the keychain access icon and it asked me what I wanted to do. (It didn't do this the same way in 10.3). I selected X509 Anchor and entered the admin password.

From what I've found online, this should have made it work. But the users are still getting errors and email that is either slow or doesn't work at all. This is for both Mac Mail and for Entourage.

Please help!

 

[wthayer]

Windows does something special to build the certificate chain back to the root and hides a common installation error that you'll see in every other browser/OS. Basically, with most certificates these days you have to install 2 (sometimes 3) certificates on your server.

9 times out of 10 the problem is that you didn't install the intermediate cert on your email server. You should be able to get that from instructions that came with the certificate. I don't know what email server you're running - if it's Exchange, I think you follow the directions to add the intermediate to the Windows system intermediate cert store using the certificate management snap-in to MMC.

You can prove for yourself that Go Daddy certificates work on OS X - just go to https://www.godaddy.com in your browser.

 

[simbalala]

…hides a common installation error that you’ll see in every other browser/OS. Basically, with most certificates these days you have to install 2 (sometimes 3) certificates on your server.

That’s what I’ve seen as well. Almost every time I’ve heard someone complain about this error (Mac or PC) it’s because of an incompletely installed certificate.