How to get rid of a fake certificate?

Discussion in 'macOS' started by Caezar, Aug 24, 2012.

  1. Caezar macrumors 6502

    Joined:
    Jun 9, 2004
    Location:
    Between a rock and a hard place
    #1
    My mother is experiencing issues with Mail: she is constantly being told that the server imap.gmail.com is not verified.

    The certificate was issued by FortiGate CA, which is apparently not the right certificate for Gmail.

    When I check in the KeyChain, I do not find such a certificate. :confused: Thus, I do not know what do to. And I see that quite a few people faced the same issue, but no one posted a solution to get rid of it.

    I am thinking of reinstalling everything of her iMac. But before I do so, do you see another solution?
     
  2. ElectricSheep macrumors 6502

    ElectricSheep

    Joined:
    Feb 18, 2004
    Location:
    Wilmington, DE
    #2
    This is indicating a man-in-the-middle interecepting and possibly rewriting data between your mother and gmail.

    Now, Fortigate is a vendor for Firewall and Deep-packet-inspection security appliances. This could be legitimate behavior depending on the context.

    If you suspect that this is not the correct behavior, or that the should be no such security tool between your mother's iMac and gmail, then you should do some checks to make sure that someone isn't performing a malicious man-in-the-middle attack.

    The simplest thing you can check is the contents of /etc/hosts and /etc/resolv.conf for any suspicious IP -> hostname mappings or overriding DNS entries.
     

Share This Page