employees.org

For Mac OS X 10.3 (Panther) and beyond.

1. Log in to an account with Administrator privileges.

2. Download our Mail SSL certificate and save it in a file.

3. double-click on the file. This will launch the "Keychain Access" and open the "Add Certificates" dialog box.

4. Click on "View Certificate" and compare the [[SSL-Howto#fingerprint|MD5 Fingerprint] and then click OK on the certificate viewer.

5. Change the "Keychain:" on the "Add Cerfiticates" dialog box to "X509 Anchors" and click OK.

6. The system will prompt you for an Administrator username and password as this will modify a system file.

7. Restart any applications that use the system certificate store, like Apple Mail.

You should now be able to connect to the mail.employees.org server from Apple Mail via IMAP or POP3 with SSL enable and not be prompted about an untrusted certificate.

================================================

For Mac OS X 10.2 and prior (more complicated).

1. Log in to an account with Administrator privileges.

2. Download our Mail SSL "certificate":stunnel-public.pem and save it in a file.

3. Copy the System X509Anchors file into your user account's private keychain. This is done by typing the command:

    cp /System/Library/Keychains/X509Anchors ~/Library/Keychains/

4. Check the MD5 "Fingerprint":SSL-Howto#fingerprint by typing:

    openssl x509 -fingerprint -in stunnel-public.pem

5. Import the certificate into the Anchors with "certtool" by typing:

    certtool i stunnel-public.pem k=X509Anchors

6. Now copy the Anchors file back into the system library with:

    sudo cp ~/Library/Keychains/X509Anchors /System/Library/Keychains/X509Anchors

    You will be prompted for a password - type your account password.
    

7. Restart any applications that use the system certificate store, like Apple Mail.

You should now be able to connect to the mail.employees.org server from Apple Mail via IMAP or POP3 with SSL enable and not be prompted about an untrusted certificate.