IMAP, SMTP, TLS and certificates

A couple of years ago I had a good go at getting my Sony Ericsson phone to talk to my IMAP server over SSL. That much worked (although the IMAP client doesn’t support folders so I had to do a bit of a bodge with multiple user accounts and symlinks in cyrus to get at important folders) but I could never get authenticated SMTP over TLS to work.

Today I cracked it.

The thing that was standing in the way turned out to be that I’m using a certificate that the phone doesn’t trust. That’s no surprise really, since I created my own Certificate Authority and there’s no reason for anybody else to trust it.

The tricky part was persuading the phone to recognise it. It allows you to accept an untrusted certificate for IMAP, but won’t give you the option for SMTP.

Luckily, it is actually possible to give the phone the new certificate. The first step is to convert the certificate to DER format.

openssl x509 -in pemfile.pem -inform PEM -out derfile.crt -outform DER

(courtesy of a post on the cacert-support mailing list)

Then derfile.crt needs to end up in a directory served up by a web server.

Pointing the phone’s browser at this file allowed me to save the certificate.

After that, authenticated SMTP with TLS magically started working.
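As an added example (not part of the original post), the conversion step can be wrapped in a check that the DER file holds exactly the same certificate as the PEM source before it is placed on the web server. The function names and the throwaway "Example Home CA" certificate are constructed for illustration; `pemfile.pem` and `derfile.crt` follow the names used above.

```shell
#!/bin/sh
# Added example: convert a PEM CA certificate to DER and confirm both files
# hold the same certificate before the DER file is published.

# Print the SHA-256 fingerprint of a certificate.
# $1 = certificate file, $2 = its encoding (PEM or DER)
cert_fingerprint() {
    openssl x509 -in "$1" -inform "$2" -noout -fingerprint -sha256 | cut -d= -f2
}

# Convert $1 (PEM) to $2 (DER) with the same command as in the post,
# then succeed only if the two fingerprints are identical.
pem_to_der_checked() {
    openssl x509 -in "$1" -inform PEM -out "$2" -outform DER || return 1
    [ "$(cert_fingerprint "$1" PEM)" = "$(cert_fingerprint "$2" DER)" ]
}

# Constructed sample input: a throwaway self-signed certificate standing in
# for the home-made CA. The private key stays in ca.key and is never served.
make_sample_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Example Home CA" \
        -keyout "$1/ca.key" -out "$1/pemfile.pem" 2>/dev/null
}

# Run the whole flow in a temporary directory and print the fingerprint
# of the DER file that would be published.
demo() {
    dir=$(mktemp -d) || return 1
    make_sample_ca "$dir" &&
    pem_to_der_checked "$dir/pemfile.pem" "$dir/derfile.crt" &&
    cert_fingerprint "$dir/derfile.crt" DER
    status=$?
    rm -rf "$dir"
    return $status
}
```

Calling `demo` prints the fingerprint of the converted file. If the device shows a fingerprint when it offers to save the certificate, comparing the two confirms that the file fetched over plain HTTP was not altered on the way.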
