MobileMe: Setting up and troubleshooting secure iChat

Summary

With iChat, you can chat securely with other MobileMe subscribers. In a secure chat, all text, audio, video, or data transferred in the chat is encrypted. To use this safeguard, you and your chat buddy must both have MobileMe subscriptions and enable Secure Chat.

When both you and your chat buddy have MobileMe Secure iChat enabled and you start a chat, a lock icon appears in the upper-right corner of the iChat window. Text, audio and video are encrypted on your computer, sent across the Internet encrypted, and are not decrypted until they reach your buddy’s computer.

Note: MobileMe Secure iChat is not available in OS X Lion (see this article for more information).

Products Affected

MobileMe, iChat

Setting up MobileMe Secure iChat

iChat offers to enable Secure iChat the first time you open it if you have already entered your MobileMe account and password information in MobileMe preferences, in System Preferences.

If you did not enable Secure iChat the first time you opened iChat after configuring Mac OS X for MobileMe, you can still enable Secure Chat in the iChat preferences:
  1. Verify that you have configured Mac OS X for MobileMe by selecting opening System Preferences, then clicking MobileMe. Your current account status and storage settings should be displayed if your account is set up correctly. If you need additional assistance setting up your account on your computer, click here.
  2. If MobileMe is configured, open iChat via the Dock or in the Applications folder.
  3. From the iChat menu, choose Preferences.
  4. Click Accounts.
  5. Click the MobileMe account you want to secure. (If your MobileMe account does not appear in the iChat Accounts Preferences, you can add it by clicking the + icon in the lower left corner of the iChat Accounts preferences and following the onscreen instructions.)
  6. Click Security.
  7. Click Enable.

Troubleshooting tips

  • Secure iChat works only when your iChat buddy has a MobileMe accounts and has also enabled secure chat.
  • If you are trying to have a Secure iChat between a MobileMe Chat account and a .Mac Chat account, both participants need to have Mac OS X version 10.4.3 through OS X 10.6.8 Snow Leopard and the Mac OS X Software Update for MobileMe installed. 
  • If you cannot chat via iChat, regardless of whether you are using secure chat or not, you should first troubleshoot your connection to the Internet by verifying other network services, such as Mail and viewing web pages work. If you cannot use other web services, you should troubleshoot your connection to the Internet.
  • If you can use other Internet services, but iChat does not work, and you are using a routing or device that provides NAT, you should make sure your device is configured for iChat.
  • An easy test to make sure your own settings are configured correctly is to try chatting with other MobileMe subscribers. If you are able to Secure Chat with other buddies, but you can’t secure chat with one specific buddy, then again there is probably an issue with their settings. Make sure the buddy in question has iChat configured for their MobileMe account and Security is enabled.
  • If you are unable to Securely Chat with any MobileMe subscriber, you should refresh your Security settings by opening iChat Preferences and the selecting your MobileMe account in the Accounts preferences, then click Disable in the iChat Encryption section of the Accounts Security pane. Quit iChat and reopen it again, and re-enable iChat Encryption again, in the Security section of the iChat Accounts Preferences.
  • If you still cannot enable iChat Security, even after refreshing your settings, you may need to use MobileMe Account to revoke a certificate and then create a new Secure iChat Certificate by re-enabling Secure Chat as explained above in Setting Up MobileMe Secure iChat.
  • If you are unable to use other secure services, such as the iTunes Store, you receive error messages from other secure websites, and you receive SSL alerts from Mail or any other application relying on secure certificates, you may be experiencing a broader issue with Mac OS X itself which would need to be resolved prior to attempting to use Secure iChat.

Additional Information

iChat security certificates

MobileMe secures your chat interactions by using security certificates to create signed encryption, which is the same type of technology HTTPS web sites and Secure Email use to establish online identities and enable encryption.

The first time you enable Secure iChat, a MobileMe Secure iChat certificate is generated. Your MobileMe Secure iChat Certificate is valid for one year.

Check the status of your iChat Certificate

Note: Newly created certificates may take several minutes to process before they are available in your MobileMe account.

To check the current status of Secure iChat for your MobileMe account:

  1. Open iChat.
  2. From the iChat menu, choose Preferences.
  3. Click Accounts, select your MobileMe account, and then click Security.

At the bottom of the Security pane, you will see the current status of your encryption setup request. If your request is still pending, an "Encryption being activated" message is displayed. Once you see an "iChat encryption is enabled" message, encrypted chat is enabled.

To find out when your current Secure iChat certificate expires and to see a list of revoked or expired certificates:

  1. Open a web browser and go to http://www.me.com.
  2. Sign in to MobileMe (if you are not already signed in).
  3. Click the Account icon.
  4. Click Secure Certificates.

To renew your certificate, re-enable iChat security for your MobileMe account.

Keychain file

If you are unable to run Secure iChat, the cause may be your keychain file which controls certificates and other items used by Secure iChat. Before trying the following steps to resolve the issue, you need to:

  1. Quit iChat.
  2. In the Finder, choose Go > Utilities from the menu bar.
  3. In the Utilities window, double-click Keychain Access.

Run the Keychain First Aid utility

  1. From the Keychain Access menu, choose Keychain First Aid.
  2. In the Keychain First Aid dialog box, enter your administrative password, select Repair, and click Start.

If Keychain First Aid finds and repairs an issue with your keychain, restart your computer and try setting up Secure iChat again. If the issue cannot be repaired, you may need to reset your keychain.

Note: For more information about Keychain First Aid, refer to these Mac OS X version 10.4, 10.5, and 10.6 articles.

Verify the Certificate Revocation List (CRL) setting

  1. From the Keychain Access menu, choose Preferences.
  2. In the Preferences window, click Certificates and make sure the Certificate Revocation List (CRL) option is set to Off.
  3. Close the Preferences window and quit Keychain Access.
  4. Open iChat and choose Preferences from the iChat menu.
  5. Click Accounts, select your MobileMe account, and then click Security.
  6. If encryption is still disabled, click Enable (or Encrypt).

Delete certificates / keys that contain your MobileMe subscriber name

  1. From the Keychain Access menu, choose Preferences.
  2. In the Preferences window, click Certificates.
  3. Click the Apple MobileMe Certificate Authority certificate and choose Edit > Delete.
  4. Locate any certificates that begin with your MobileMe subscriber name and delete each one.
  5. On the left, click Keys.
  6. Locate any keys that begin with "subscribername - Year - Month - Day" and delete each one.
  7. Restart your computer and try Secure iChat again.

If you are still unable to run Secure iChat, quit iChat and delete the items mentioned above again. After deleting these items:

  1. Go to http://www.me.com/account and sign in.
  2. On the left, click Security Certificates.
  3. Locate your active Secure iChat Certificate and click Revoke Certificate.
  4. If you agree to the terms shown in the dialog box, click Revoke Certificate again.
  5. Restart your computer and try Secure iChat again.

Note: After you revoke your Secure iChat Certificate, it may take several minutes before you can set up your MobileMe account for Secure iChat.

Verify the keychain lock settings

  1. In Keychain Access, choose Edit > Change Settings for Keychain.
  2. Disable the "Lock after minutes of activity" and "Lock when sleeping" settings.
  3. Click Save, restart your computer, and try Secure iChat again.

Notes:

If you are unable to resolve:

Important: Mention of third-party websites and products is for informational purposes only and constitutes neither an endorsement nor a recommendation. Apple assumes no responsibility with regard to the selection, performance or use of information or products found at third-party websites. Apple provides this only as a convenience to our users. Apple has not tested the information found on these sites and makes no representations regarding its accuracy or reliability. There are risks inherent in the use of any information or products found on the Internet, and Apple assumes no responsibility in this regard. Please understand that a third-party site is independent from Apple and that Apple has no control over the content on that website. Please contact the vendor for additional information.
Not helpful Somewhat helpful Helpful Very helpful Solved my problem
Start a Discussion
in Apple Support Communities
See all questions on this article See all questions I have asked