Easy! Either connect to imap.tib.com instead of mail.tib.com, or create and install a new security certificate on the server which is for mail.tib.com instead.
Another solution is to obtain and install a wildcard certificate (which will be good for all *.tib.com). That's the good news. The bad news is that the commercial certificate authorities charge extra for wildcard certificates because they know they're more valuable to you (and not because it costs them anything extra in creating them, except maybe lost sales of certificates for specific names). BTW, you can get free certificates from http://cacert.org (no affiliation except as a user), though the first time your users see them they may have to answer a pop-up about a "funny" certificate. (My experience is that most users just click OK and don't give it much thought. The ones who do think about it tend to be more sophisticated anyhow, so they can sort it out rather than just switching off the computer in a panic and watching TV for the rest of their lives.)
