My email server is running Debian "squeeze" Linux with Exim4 as the smtp server and dovecot as the imap server. The first thing I needed to do was verify on the mail server that there were valid (self-signed) certificates for both exim4 and dovecot. This can be done with:
- openssl x509 -in some.crt -text -noout
The exim4 certificate was expired so I regenerated it with:
- /usr/share/doc/exim4-base/examples/exim-gencert --force
- Dovecot - /etc/ssl/certs/dovecot.pem
- Exim4 - /etc/exim4/exim.crt
Next, open up the Certificates tree until you see "Trusted Root Certification Authorities" and open it up to see "Certificates" underneath it. Right-click on Certificates and click "All Tasks" then "Import". Import your two certificates and there you are -- now all your self-signed certificates coming from your email server look as valid as any certificates, and are accepted by Windows 8 Mail just fine.
So, uhm... why does Microsoft make this so hard? I dunno, they're Microsoft, I guess. But the "ask your system administrator" is just BS, because Windows 8 Mail will *never* be used by anybody who actually has a system administrator other than themselves -- all businesses will be using Outlook Mail as their email client for a number of reasons. Oh well, just another example of how Windows 8 is half-baked and characterized by an utter lack of understanding of, well, actual customers.