Client app says my chained Comodo cert is invalid

Joseph Tam jtam.home at gmail.com
Wed Jul 27 22:20:48 UTC 2016


> The trouble appears when I attempt to configure a client account in
> Mail.app on my Mac.  For the POP server name, I enter my VPS'
> "45.56.81.181", because public DNS is still pointing to my existing
> host.  I set the account to use the Apple TLS certificate, and then
> click to save this new account info.  Before saving, Mail.app checks my
> entries by attempting to log in.  The result is: "The identity of
> server 45.56.81.181 cannot be verified.  The certificate for this
> server is invalid."

Well, yes, that's what you would expect.  You've told your mail client
to connect to "45.56.81.181", the client starts the SSL negotiation
and finds the certificate is made out for "sheepsystems.com", and your
mail client complains about the mismatch (a possible MITM attack).
This is what you want an SSL-enabled system to do.

Since 45.56.81.181 does not map to "sheepsystems.com" yet, you can
short-circuit DNS and add a direct mapping to your Mac by adding this
to /etc/hosts:

 	45.56.81.181 sheepsystems.com

then reconfiguring your mail client to use the server "sheepsystems.com".
This will appease the SSL constraint.

> appear in /var/log/mail.log [2].

Don't know what this is about -- probably your Mac bailing out on
authentication.

Joseph Tam <jtam.home at gmail.com>
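
Added example (not part of the message above, and not Mail.app's actual code): a simplified sketch of the name check a TLS client performs, showing why the IP literal is rejected against a certificate made out for "sheepsystems.com" while the hostname is accepted. The SAN list is constructed, in the shape Python's ssl getpeercert() returns; the www entry and the function names are assumptions.

```python
import ipaddress


def _dns_match(pattern: str, host: str) -> bool:
    """Match one dNSName entry; '*' is honoured only as the whole leftmost label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        # A wildcard covers exactly one label and needs two more labels after it.
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def verify_reference(reference: str, subject_alt_name) -> bool:
    """Return True if the server name the client was configured with is in the cert."""
    try:
        ip = ipaddress.ip_address(reference)
    except ValueError:
        ip = None  # not an IP literal, treat it as a DNS name
    for kind, value in subject_alt_name:
        if ip is not None:
            # An IP literal is compared only with iPAddress entries, never dNSName.
            if kind == "IP Address" and ipaddress.ip_address(value) == ip:
                return True
        elif kind == "DNS" and _dns_match(value, reference):
            return True
    return False


# Constructed SAN list; only "sheepsystems.com" appears in the thread.
SAN = (("DNS", "sheepsystems.com"), ("DNS", "www.sheepsystems.com"))

if __name__ == "__main__":
    for ref in ("45.56.81.181", "sheepsystems.com"):
        print(ref, "->", "ok" if verify_reference(ref, SAN) else "name mismatch")
```

The check uses only the name typed into the client, which is why the /etc/hosts mapping satisfies it: the client still connects to 45.56.81.181 but verifies "sheepsystems.com".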

