I get an invalid SSL / TLS certificate error when trying to add my email account, what should I do?
If you receive this error when adding your email account:
Your SSL / TLS certificate is invalid, so Missive can’t establish a secure IMAP connection. If this is not a concern to you, choose “none” under Encryption.
It means you probably have an expired certificate or a self-signed certificate. You can contact firstname.lastname@example.org to know why your certificate is invalid.
If your server’s SSL/TLS certificate is expired you should contact your certificate authority to get a new one.
Missive currently refuses to connect to IMAP servers with a self-signed certificate, because if we allowed it, it would mean our connections to users’ IMAP servers wouldn’t actually be secure. A self-signed certificate can be generated by anyone, so if our algorithm accepted any self-signed certificate, it means our connection to your server could be intercepted by a hacker who could swap your certificate for theirs, and Missive wouldn’t notice because it accepts anybody’s self-signed certificate. Simply put: someone could read your email data over our connection to your server, and neither us or you would notice.
NoteIf a server’s SSL/TLS certificate is self-signed, it is not signed by a recognized certificate authority. This is often the case on default server installations.
However, people using a self-signed certificate and not planning on purchasing an authority-signed one for their IMAP server is something common. To remain secure by default while supporting this setup, what email applications usually do when people connect an IMAP account is:
- First, refuse to accept a self-signed certificate
- Show a warning to the user
- Offer the user a checkbox that says “Allow the use of my self-signed certificate”
- If checked, the setting will be remembered for this user only
The procedure above is exactly what we plan to do. We have no ETA yet, but we will offer support for self-signed certificates at some point.
Note that if the above isn’t a concern to you, you should be able to successfully import your IMAP account by choosing “none” as the Encryption method. Same for SMTP.