Page 1 of 2 12 LastLast
Results 1 to 20 of 28
Like Tree1Likes
  1.    #1  
    This morning sending an e-mail gave an error message: "Requested encryption not supported by server."
    My e-mail provider's helpdesk says no SSL certificate has changed at their side. The strange thing is, receiving e-mail makes use of SSL as well, without a problem...

    Anybody a suggestion?

    Regards, Wijnand
  2. ggendel's Avatar
    Posts
    463 Posts
    Global Posts
    818 Global Posts
    #2  
    Quote Originally Posted by Wijnand Lammens View Post
    This morning sending an e-mail gave an error message: "Requested encryption not supported by server."
    My e-mail provider's helpdesk says no SSL certificate has changed at their side. The strange thing is, receiving e-mail makes use of SSL as well, without a problem...

    Anybody a suggestion?

    Regards, Wijnand
    Some providers have switched from SSL to TLS because of various SSL vulnerabilities.
    Palm III->Palm IV->Palm V->M130->Tungsten->Treo 270->Treo 600->Treo 700->Palm Pre Plus->FrankenPre 2->Pre 3 & TouchPad
  3. #3  
    Quote Originally Posted by Wijnand Lammens View Post
    This morning sending an e-mail gave an error message: "Requested encryption not supported by server."
    My e-mail provider's helpdesk says no SSL certificate has changed at their side. The strange thing is, receiving e-mail makes use of SSL as well, without a problem...

    Anybody a suggestion?

    Regards, Wijnand
    What is the hostname of the server?
    Did you know:

    webOS ran on a Treo 800 during initial development.
  4.    #4  
    smtp.xs4all.nl, SSL port 465 and TLS port 587 both do not work. Only unencrypted...

    Receiving mail from pop.xs4all.nl SS port 995 works!
  5. ggendel's Avatar
    Posts
    463 Posts
    Global Posts
    818 Global Posts
    #5  
    Quote Originally Posted by Wijnand Lammens View Post
    smtp.xs4all.nl, SSL port 465 and TLS port 587 both do not work. Only unencrypted...

    Receiving mail from pop.xs4all.nl SS port 995 works!
    I used TLS Tests and Tools to smtp.xs4all.nl port 587 and see that it is indeed using TLS (not SSL). Make sure you set encryption to TLS and PLAIN authorization or it won't work.

    -------------------------------------------
    Instructions About Tests

    Note: you can run many tests at once and/or schedule tests with BatchTest.

    Note: use the FULL version to test servers with custom IP addresses, ports, authentications, and/or timeouts.

    See email policy. We will not use addresses. Use of any test is explicit agreement to Acceptable Use Policy.

    (double click in detail below to select all for copy and paste)

    Checking test@xs4all.net[smtp.xs4all.nl:587]{PLAIN=testasswd}

    using supplied MX: "smtp.xs4all.nl"

    Trying TLS on smtp.xs4all.nl[194.109.6.51]:587 (0):
    seconds test stage and result
    [000.106] Connected to server
    [003.123] <-- 220 smtp-cloud3.xs4all.net ESMTP ESMTP server ready
    [003.123] We are allowed to connect
    [003.123] --> EHLO checktls.com
    [003.233] <-- 250-smtp-cloud3.xs4all.net hello [69.61.187.232], pleased to meet you
    250-HELP
    250-AUTH LOGIN PLAIN
    250-SIZE 30000000
    250-8BITMIME
    250-STARTTLS
    250 OK
    [003.233] We can use this server
    [003.233] TLS is an option on this server
    [003.234] --> STARTTLS
    [003.337] <-- 220 Ready to start TLS
    [003.337] STARTTLS command works on this server
    [003.629] Cipher in use: DHE-RSA-AES256-SHA
    [003.630] Connection converted to SSL
    [003.680]

    Certificate 1 of 3 in chain:
    subject= /C=NL/OU=Domain Control Validated/CN=*.xs4all.nl
    issuer= /C=BE/O=GlobalSign nv-sa/CN=GlobalSign Domain Validation CA - SHA256 - G2

    [003.727]

    Certificate 2 of 3 in chain:
    subject= /C=BE/O=GlobalSign nv-sa/CN=GlobalSign Domain Validation CA - SHA256 - G2
    issuer= /C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA

    [003.774]

    Certificate 3 of 3 in chain:
    subject= /C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA
    issuer= /C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA

    [003.775] Cert VALIDATED: ok
    [003.775] Cert Hostname VERIFIED (smtp.xs4all.nl = *.xs4all.nl)
    [003.776] ~~> EHLO checktls.com
    [003.886] <~~ 250-smtp-cloud3.xs4all.net hello [69.61.187.232], pleased to meet you
    250-HELP
    250-AUTH LOGIN PLAIN
    250-SIZE 30000000
    250-8BITMIME
    250 OK
    [003.886] TLS successfully started on this server
    [003.887] ~~> AUTH PLAIN AHRlc3QAcGFzc3dk(testasswd)
    [005.023] <~~ 535 5.7.0 Authentication Rejected (Login incorrect) [6409]
    [005.023] AUTH failed
    [005.024] ~~> QUIT
    [005.136] <~~ 221 smtp-cloud3.xs4all.net ESMTP closing connection

    The failures were due to the fact I don't have a valid login.

    Gary
    Palm III->Palm IV->Palm V->M130->Tungsten->Treo 270->Treo 600->Treo 700->Palm Pre Plus->FrankenPre 2->Pre 3 & TouchPad
  6. #6  
    Last week I had to troubleshoot my xs4all login as well.

    Turned out there certificate was newer, but since I had somehow lost the newest Globalsign certificate, the newer one from xs4all could not be downloaded.

    Having updated my Globalsign certificate, I was able to get the newest one from xs4all as well.


    -- Sent from my Palm Pre3 using Forums
  7. #7  
    Just checked, still using SSL on IMAP and SMTP.

    -- Sent from my Palm Pre3 using Forums
  8. #8  
    If you would go to an https website for xs4all
    Example:
    Service.xs4all.nl

    You should get the question whether you want to accept the cert

    Do so and you shoul be set.


    You can also save it from Chrome as Base64 uencoded rename to .pem and put it somehow on your device.

    When you open a pem you can simply import it

    -- Sent from my Palm Pre3 using Forums
  9. #9  
    Sorry for spamming with several messages.

    In the bus ;-)

    BTW, since webos and the xs4all imap servers use imap idle. It can happen that if you have your device running uninterupted for a longer time, the IMAP connection stays live, but you have trouble with SMTP only.

    I have seen this last month. Only after being on a plane, i noticed that i could not receive msg either.

    Sending was not possible for a while already, I suppose that connection needs to be negotiated every time, but IMAP just stayed open.

    -- Sent from my Palm Pre3 using Forums
  10. #10  
    Let me know whether you need more help with this

    -- Sent from my Palm Pre3 using Forums
  11.    #11  
    Quote Originally Posted by horzel View Post
    Let me know whether you need more help with this

    -- Sent from my Palm Pre3 using Forums
    @ggendel: tried a TestSender, worked Ok via port 25, but I do not get the test message out on port 587, so I think the "AUTH" part is failing.

    <-- 220 ts3.checktls.com CheckTLS TestSender Fri, 20 Feb 2015 09:47:40 -0500
    --> EHLO lb1-smtp-cloud6.xs4all.net
    <-- 250-ts3.checktls.com Hello lb1-smtp-cloud6.xs4all.net [194.109.24.24], pleased to meet you
    <-- 250-ENHANCEDSTATUSCODES
    <-- 250-8BITMIME
    <-- 250-STARTTLS
    <-- 250 HELP
    --> STARTTLS
    <-- 220 Ready to start TLS
    ====tls negotiation successful (cypher: AES128-SHA, client cert: Subject Name: undefined;Issuer Name: undefined
    ~~> EHLO lb1-smtp-cloud6.xs4all.net
    <~~ 250-ts3.checktls.com Hello lb1-smtp-cloud6.xs4all.net [194.109.24.24], pleased to meet you
    <~~ 250-ENHANCEDSTATUSCODES
    <~~ 250-8BITMIME
    <~~ 250 HELP
    ~~> MAIL FROM:<w.lammens@xs4all.nl>
    <~~ 250 Ok - mail from w.lammens@xs4all.nl
    ~~> RCPT TO:<test@TestSender.CheckTLS.com>
    <~~ 250 Ok - recipient test@TestSender.CheckTLS.com
    ~~> DATA
    <~~ 354 Send data. End with CRLF.CRLF
    ~~> Received: from mynewpalm ([80.100.143.154])
    ~~> by smtp-cloud6.xs4all.net with ESMTP
    ~~> id uend1p00c3L52PC01enePB; Fri, 20 Feb 2015 15:47:39 +0100
    ~~> Message-ID: <f1c7e18671a1c13d4a41be6239613bcd@smtp-cloud6.xs4all.net>
    ~~> Date: Fri, 20 Feb 2015 15:47:43 +0100
    ~~> From: <w.lammens@xs4all.nl>
    ~~> To: <test@TestSender.CheckTLS.com>
    ~~> Subject: 8x47qa6eamw72
    ~~> X-Mailer: Palm webOS
    ~~> MIME-Version: 1.0
    ~~> Content-Type: multipart/alternative; boundary="Alternative_=_Boundary_=_1424443662"
    ~~>
    ~~> --Alternative_=_Boundary_=_1424443662
    ~~> Content-Type: text/html; charset="UTF-8"
    ~~> Content-Transfer-Encoding: quoted-printable
    ~~>
    ~~> <span style=3D"font-family:Prelude, Verdana, san-serif;"><br>Testmessage<br=
    ~~> ></span><span id=3D"signature"><div style=3D"font-family: arial, sans-serif=
    ~~> ; font-size: 12px;color: #999999;">-- Sent from my HP Pre</div><br></span><=
    ~~> span style=3D"font-family:Prelude, Verdana, san-serif;"><br><br></span><spa=
    ~~> n id=3D"signature"></span>
    ~~> --Alternative_=_Boundary_=_1424443662--
    ~~> .
    <~~ 250 Ok
    WARN: read failed: Timed Out at /usr/local/tlstest/live/TestSender.pl line 889, <GEN22969> line 2.

    ~~> QUIT
    <~~ 221 ts3.checktls.com closing connection

    @horzel: already tried "service.xs4all.nl", but I do not get a question to accept the certificate. Also tried a restart, but no luck.

    I'm really puzzled, it worked for years and suddenly it fails.

    Thanks for all the help so far.
  12. #12  
    The testsender test shows you are able to login to the SMTP server, so your credentials are ok

    Do you see any certificates in the device info tool? App menu, certificate manager

    -- Sent from my Palm Pre3 using Forums
  13.    #13  
    Quote Originally Posted by horzel View Post
    The testsender test shows you are able to login to the SMTP server, so your credentials are ok

    Do you see any certificates in the device info tool? App menu, certificate manager

    -- Sent from my Palm Pre3 using Forums
    The TestSender test shows that the credentials are accepted (and TLS used!) when I use port 25. If I use 465 or 587 the authentication seems not to be Ok. I get the message "Outgoing Server Setup - Unable to validate outgoing mail server settings. You will be able to receive emails, but may not be able to send emails from this account." when I change the settings and the message "Outgoing Mail Server - Requested encryption not supported by server" when I try to send an email. The email remains stuck in the outbox.

    In the "certificate Manager" I see four certificates, named "auth.griffin", "*hotmail.com", "www.anwbtickets.nl" and "*.turn.com", all valid.
  14. #14  
    So you do not have the update for the Globalsign, which is expired on webos?

    But xs4all's certificate chain rolls up to that one.

    Either use the pathch which updates global sign or dowbload xs4all certificate directly

    From chrome you can save the cert as a base64 encrypted text file. Rename it to .pem at the end, use wosqi to or novaterm to copy it to your device or mail ie with another email that still functions.

    Opening the pem file from email will import it, or from certificate manager open the file from wherever you moved it.

    From chrome you can also do this for the certs from Globalsign that are higher in the chain

    In Chrome, click on the little icon in front of the address, choose the second tab and from here save the certs to file

    -- Sent from my Palm Pre3 using Forums
  15. ggendel's Avatar
    Posts
    463 Posts
    Global Posts
    818 Global Posts
    #15  
    Firefox and Thunderbird should be able to export the correct certificates in PEM format as well. I used to do this for my self-signed server email certificates.

    Quote Originally Posted by horzel View Post
    So you do not have the update for the Globalsign, which is expired on webos?

    But xs4all's certificate chain rolls up to that one.

    Either use the pathch which updates global sign or dowbload xs4all certificate directly

    From chrome you can save the cert as a base64 encrypted text file. Rename it to .pem at the end, use wosqi to or novaterm to copy it to your device or mail ie with another email that still functions.

    Opening the pem file from email will import it, or from certificate manager open the file from wherever you moved it.

    From chrome you can also do this for the certs from Globalsign that are higher in the chain

    In Chrome, click on the little icon in front of the address, choose the second tab and from here save the certs to file

    -- Sent from my Palm Pre3 using Forums
    Palm III->Palm IV->Palm V->M130->Tungsten->Treo 270->Treo 600->Treo 700->Palm Pre Plus->FrankenPre 2->Pre 3 & TouchPad
  16. #16  
    Quote Originally Posted by ggendel View Post
    Firefox and Thunderbird should be able to export the correct certificates in PEM format as well. I used to do this for my self-signed server email certificates.
    This thread is getting interesting.

    If it is possible to export certificates from Firefox in the correct format for webOS, is there really a certificate problem?

    Obviously, there are no updates from HP, but perhaps there is a system for tracking certificate expiry and updates?

    Any updates could be downloaded to firefox (perhaps by visiting particular sites) then exported to webOS.

    Certificate manager is found in the app menu of 'Device info'. Certificates can be exported from Firefox's certificate manager.
    Last edited by Preemptive; 02/22/2015 at 10:51 AM.
  17. #17  
    Manual work is too manual.
  18. #18  
    Sure, but,
    1. Can it be done manually? If yes, then:
    2. Is there a way to automate it?
    3. Can expiry times be discovered manually? If yes, then:
    4. Is there a way to automate it?
    5. Then have the automated alert trigger the automatic update.
    6. Relax and have a drink.
  19.    #19  
    Ok, I found the GlobalSign patch, thanks to Grabber5.0. (I wonder, why are these patches not in the Preware Repositary?) But it did not make any difference, what I expected, because collecting pop mail and accessing the web site using SSL works.
    So I'm still puzzled about the failing smtp authorization.

    Does anybody know a way to trace setting up the smtp connecting on a Pre 2?
  20. #20  
    Wijnand, have you tried adding the xs4all cert?

    This solved it for me

    -- Sent from my Palm Pre3 using Forums
Page 1 of 2 12 LastLast

Similar Threads

  1. [Solved] Microsoft Outlook Certificate Expired
    By kwarner in forum webOS Discussion Lounge
    Replies: 234
    Last Post: 04/29/2017, 03:29 PM
  2. Replies: 4
    Last Post: 01/12/2015, 02:47 PM
  3. server's security certificate is not a trusted certificate
    By cswilliams30 in forum webOS Synergy and Synchronization
    Replies: 8
    Last Post: 02/28/2014, 01:48 AM
  4. Sprint nav expired?
    By agusta in forum webOS Discussion Lounge
    Replies: 9
    Last Post: 02/12/2010, 06:53 PM
  5. verichat expired already?
    By missbliss in forum Palm OS Devices & Apps
    Replies: 4
    Last Post: 01/24/2003, 06:35 PM

Posting Permissions