Make ical stop asking me about our server's ssl certificate

Discussion in 'Mac OS X Server, Xserve, and Networking' started by Salteevee, Sep 13, 2011.

  1. Salteevee macrumors newbie

    Joined:
    Sep 9, 2011
    #1
    This will be a little hard to explain because I have only a vague understanding of ssl certification. Basically, as we now have a member of staff synchronising with our ical server offsite overseas I thought it would be wise to use SSL.

    It's working fine but everytime ical is opened, and for some staff throughout continuous operation of ical, a message comes up saying that iCal can't verify the identity of the server. This is fine, we're not certified, and once can just just press continue, but is there a way to make Mac OS remember this? Just trust this server all the time?

    Clicking continue upon opening ical is not a huge hassle but people don't really understand what it means and the big symbol of a security lock makes them uneasy and worse still some people are having this message come up even after having clicked continue once already.
     
  2. naples98 macrumors member

    naples98

    Joined:
    Sep 9, 2008
    Location:
    Houston
    #2
    An SSL certificate is used to bind a public key with an identity but if your users have no way of checking with a trusted party that the key and identity belong together, then anyone can claim to be your server (identity) and send out their own public key (allowing them to decrypt any information sent).

    I doubt there is a way for Mac OS to remember the decision, by design. The computer is telling the user that it can not confirm the identity of the server and that the user must explicitly accept this risk if they want to keep working with the server.
     
  3. gnasher729 macrumors P6

    gnasher729

    Joined:
    Nov 25, 2005
    #3
    If your company created the certificate, then they should also have a root certificate that people can install on their computers. With some very, very, very clear instructions that you only install root certificates that came to your machine in ways that cannot be hacked.
     

Share This Page