Postfix, Courier-Imap, Mail.app, and Certificates

I just finished getting Mail.app to recognize two seperate SSL certs from my server — one for imap.dmiessler.com, and another for smtp.dmiessler.com. This was less than trivial (mostly due to my own stupidity).

What this means is that I can finally use real domain names in my certificates (self-signed) for two separate hostnames while avoiding the annoying prompts that OS X likes to throw when it senses tomfoolery.

Here are the steps:

• Create your Postfix certificates the way Weitse wants you to, using your SMTP hostname.
• Import both the CA cert and your actual Postfix certificate into OS X.
• For IMAP, edit your imapd.cnf file to reflect your IMAP hostname, etc.
• Run mkimapdcert.
• Import that certificate into OS X.

Now when you open Mail.app you should not get prompted to accept any certificates. The trick is that you need to import the CA’s cert on the Postfix side or it won’t work. But with courier this is not required. It has something to do with the format of the certificates being different.

It’s on my list of things to research, but for now I’m just happy I got it working exactly as I want it.