Enabling SSL Security in Mail.app, for OS 10.4

Your mail program, probably Apple’s Mail.app for version 10.4 if you are reading this, communicates with a mail server over local network connections, and possibly "Internet" network connections if you ever check your mail when you are away from your office.

If you do check your mail when you are not on your network, the Mail.app program must send a username and password in order to identify itself to the mail server – so the mail server knows who’s mail to send over.

In the process of asking for mail to be sent, Mail.app responds to the mail server’s request for a password. If that exchange of information happens over an insecure connection (POP, IMAP, SMTP, or HTTP) then your password is sent "in the cleartext" or in plain english for anyone with nefarious ideas to see. It’s really easy to do, and if you are on a wireless network doing this, it is very hard to know they are doing this.

This short guide will show you the steps required to enable secure connections for Mail.app. The connections the program will make will be Secure POP, or POPS, Secure IMAP, or IMAPS, Secure SMTP, or SMTPS, or Secure HTTP, or HTTPS, as in https://your.mailserver.com. If you ever check your mail from a web browser, you should ALWAYS use an https:// connection.

Open Mail.app’s preferences section

media-1233115375204.png

If you have more than one account, as I do above, choose the account you want to secure. Then select Accounts. Then click Advanced.

Advanced Tab

media-1233115527294.png

Put a checkmark next to Use SSL. The port number should automaticaly change to 993; if it doesn’t, manually make this setting. Then click Account Information.

Edit Server List

media-1233115629941.png

If you have more than one account, select the account you wish to secure.

Then click Server Settings…

Server Settings

media-1233115826258.png

Check the Use Secure Sockets Layer (SSL) and hit OK

Save your work!

media-1233115951423.png

Now, any information you send or recieve from the company mail server is encrypted. Note – this DOES NOT encrypt your email to other recipients, so don’t send credit card numbers, social security numbers, or any other private information you don’t want the world to know.

Advertisements

Enabling SSL Security in Mail.app, for OS 10.5

Your mail program, probably Apple’s Mail.app for version 10.5 if you are reading this, communicates with a mail server over local network connections, and possibly "Internet" network connections if you ever check your mail when you are away from your office.

If you do check your mail when you are not on your network, the Mail.app program must send a username and password in order to identify itself to the mail server – so the mail server knows who’s mail to send over.

In the process of asking for mail to be sent, Mail.app responds to the mail server’s request for a password. If that exchange of information happens over an insecure connection (POP, IMAP, SMTP, or HTTP) then your password is sent "in the cleartext" or in plain english for anyone with nefarious ideas to see. It’s really easy to do, and if you are on a wireless network doing this, it is very hard to know they are doing this.

This short guide will show you the steps required to enable secure connections for Mail.app. The connections the program will make will be Secure POP, or POPS, Secure IMAP, or IMAPS, Secure SMTP, or SMTPS, or Secure HTTP, or HTTPS, as in https://your.mailserver.com. If you ever check your mail from a web browser, you should ALWAYS use an https:// connection.

Open Mail.app’s preferences section

media-1233114465313.png

If you have more than one account, as I do above, choose the account you want to secure. Then select Accounts. Then click Advanced.

Advanced Tab

media-1233114641452.png

Put a checkmark next to Use SSL. The port number should automaticaly change to 993; if it doesn’t, manually make this setting. Then click Account Information.

Edit Server List

media-1233114781736.png

Select the drop down box next to Outgoing Mail Server. Your computer may look different, as I have 3 outgoing servers to choose from. Select Edit Server List.

Select the Advanced tab

media-1233114890311.png

media-1233114960092.png

IF you see more than one mail server in the top section, choose the mail server you want to secure.

Place a checkmark in the box near Use Secure Sockets Layer (SSL)

Click OK, and then close the preferences window.

Save your work!

media-1233115111118.png

Now, any information you send or recieve from the company mail server is encrypted. Note – this DOES NOT encrypt your email to other recipients, so don’t send credit card numbers, social security numbers, or any other private information you don’t want the world to know.

Firefox 3 and invalid security certificates

How to configure Firefox when you try to access a site without a valid ssl certificate

Open the secure site in Firefox

media-12313053192731.png

When you see this, verify the name of the site, and make sure it looks legitimate. You may do this by copying opening the site where the certificate is actually valid manually. It’s not required, but if you aren’t sure. Note: If you are trying to access your bank, or your credit card website, DO NOT DO THIS. Only accept valid SSL certificates for non-financial and non-personal-info-requring web sites.

Click the "Or you can add an exception…" link

Click the link

media-12313053538931.png

If you are certain the site is legitimate (for your purposes), click the "Add Exception…" button.

media-12313054536451.png

Click Get Certificate

media-12313055278101.png

1. Is optional; if you don’t click this, you’ll have to perform this step each time you visit.
2. Click this one to continue.

The site you want will be loaded after you click "Confirm Security Exception."