Why you need to install a certificate for Apple Mail with Proton Mail Bridge

Apple Mail connects to Proton Mail Bridge over a secure HTTPS connection. This encrypts your data in transit and verifies that the email client is connecting to who it thinks it is connecting to.

HTTPS verifies connections using SSL/TLS certificates(new window). For servers that are accessible to the public, these certificates are issued and digitally signed by a certificate authority (CA) such as Let’s Encrypt(new window). 

Learn more about how HTTPS keeps you safe(new window)

However, this isn’t possible for Proton Mail Bridge, as it uses IMAP and SMTP servers that run on your own computer and aren’t accessible from any network (including your local LAN network and the internet).

Proton Mail Bridge solves this problem by using a self-signed certificate(new window) that provides the same level of encryption for data in transit as a regular HTTPS certificate. But since macOS doesn’t recognize the CA that issued or signed the certificate, it will ask if you trust it.

In most circumstances, you should be wary of self-signed certificates. However, you can safely trust our certificate because it isn’t used to access an external service on the internet —  it’s only used for to connect your email client (for example, Apple Mail) and Proton Mail Bridge — a connection that never leaves your computer

Apple Mail requires you to confirm that you trust any self-signed certificate before it will accept it. Proton Mail Bridge solves this problem by proactively storing the certificate in the macOS Keychain(new window). This operation requires that you provide your macOS account password.

Once the certificate is installed in your Keychain, you can continue with the configuration process and add the Proton Mail account to Apple Mail.