7

I have just set up Mutt to connect to my firm's IMAP and SMTP server. Everything works; but when I launch mutt, I get a warning about the certificate, and am given the option to:

(r)eject, accept (o)nce

I do not get an option to (a)ccept it or any other way to save it. I suspect the server is misconfigured because Mutt says:

WARNING: Server certificate has expired
WARNING: Server hostname does not match certificate

However, I would still like to save the certificate. After all, it is more secure to get the machine to accept a particular, fixed, cert than to get into the habbit of hitting o every time I launch mutt.

BTW: something similar seems to happen every time I send the mail too. The SMTP and IMAP servers are on the same machine.

[UPDATE: partial solution]

After a bit of RTFM I found out that you can add 

set ssl_verify_host = no
set ssl_verify_dates = no

to .muttrc, to disable the checks. This makes mutt treat the cert as OK, and lets you save it. The problem is that even after it is saved, you must keep those to settings. Worse, they are global settings, so if I ever start using multiple servers, they will all be less secure.

Does anyone have better ideas?

Improve this question
3
  • What is the FDQN shown on the certificate? Can you connect to the mail server using that address instead of whatever you are using?
    – paradroid
    Commented Feb 7, 2012 at 16:31
  • Good! By using the certificate's own address, I can get it without having to set ssl_verify_host = no. Please turn your comment into an official answer so I can accept it.
    – Adrian Ratnapala
    Commented Feb 7, 2012 at 17:07
  • Might I humbly suggest you wrote up an answer based on your partial solution and using account-hooks? I'd up vote it.
    – Sardathrion - against SE abuse
    Commented Nov 5, 2014 at 9:46

3 Answers 3

Reset to default
2

I solved it by creating an empty folder named .mutt in my home directory. Mutt was searching for that. Why it doesn't create it by default is beyond my comprehension.

Improve this answer
1
  • this solution works for me
    – Nevin Chen
    Commented Oct 14, 2016 at 23:15
0

Note that you don't have to set ssl_verify_host or ssl_verify_date globally. You can use an account-hook to apply them only to a certain server.

Improve this answer
2
  • 1
    Welcome to superuser.com. Please provide some more information like how to apply the account-hooks. Thank you
    – Simon
    Commented Apr 24, 2013 at 12:03
  • You are right, it is only global because I don't understand account-hooks. But the real solution to my problem is @paradroid's. Sadly he hasn't written it up as an answer, so I can't accept it :(
    – Adrian Ratnapala
    Commented Apr 24, 2013 at 14:03
0

This was probably not your particular problem, but you get the same prompt, with no (a)ccept option, if you don't have the certificate_file variable set.

Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .