May 28

Recently was setting up clients iPhone to access our mail servers using IMAP over SSL. Problem was we kept getting an error say that the username or password were incorrect. The username and password entered in the iPhone setup were correct. Using the identical setup to access the same email account from my iPhone worked fine.

Fortunately we had setup the phone so that all it’s data was either being accessed or synced from the cloud so resetting the phone was no drama. Unfortunately resetting his phone didn’t make any difference, still could not connect.

After increasing the logging on the mail server it was discovered the issue was that the iPhone did not have the required SSL certificate installed to make the required connection. The reason my iPhone worked I think is because I sync mine with a Mac whereas the phone that could not connect was syncing with a Windows box. Am assuming that the syncing with the Mac copied the certificate to my iPhone for me, but have not confirmed this.

To install the certificate we took the following steps.

  1. Create a DER format certificate

    iPhone does not understand PEM (Privacy-Enhanced Mail) formatted certificates and instead expects the certificate to be in DER (Distinguished Encoding Rules) format. So we need to create a DER version of the mail certificate on the server using openssl.

    openssl x509 -in /etc/ssl/certs/ssl-mail.pem -inform PEM -out mail.der -outform DER

  2. Copy the DER certificate so it is accessible from your web server

  3. Open the certificate on your iPhone

    Using Safari on the iPhone open the certificate that you just created. You will be prompted if you want to install the certificate. Press the “Install” button to install the certificate on your iPhone.

  4. Reboot your iPhone

    After restarting the iPhone the certificate should be available and you will be able to connect to the mail server using SSL without any problems.

written by Obiweb \\ tags: , , , , , ,