A couple of years ago I had a good go at getting my Sony Ericsson phone to talk to my IMAP server over SSL. That much worked (although the IMAP client doesn’t support folders so I had to do a bit of a bodge with multiple user accounts and symlinks in cyrus to get at important folders) but I could never get authenticated SMTP over TLS to work.<\/p>\n
Today I cracked it.
\n<\/p>\n
The thing that was standing in the way turned out to be that I’m using a certificate that the phone doesn’t trust. That’s no surprise really, since I created my own Certificate Authority and there’s no reason for anybody else to trust it.<\/p>\n
The tricky part was persuading the phone to recognise it. It allows you to accept an untrusted certificate for IMAP, but won’t give you the option for SMTP.<\/p>\n
Luckily, it is actually possible to give the phone the new certificate. The first step is to convert the certificate to DER format.<\/p>\n
(courtesy of a post on the cacert-support mailing list)<\/p>\n Then derfile.crt needs to end up in a directory served up by a web server.<\/p>\n Pointing the phone’s browser at this file allowed me to save the certificate.<\/p>\n After that, authenticated SMTP with TLS magically started working.<\/p>\n","protected":false},"excerpt":{"rendered":" A couple of years ago I had a good go at getting my Sony Ericsson phone to talk to my IMAP server over SSL. That much worked (although the IMAP client doesn’t support folders so I had to do a … Continue reading openssl x509 -in pemfile.pem -inform PEM -out derfile.crt -outform DER<\/code><\/p>\n