Page 1 of 3 123 LastLast
Results 1 to 20 of 41
Like Tree3Likes
  1.    #1  
    Finally i got rid of my beloved "The server's certificate is not trusted" notifications.

    Previously, i downloaded SSL certificates for my email provider using Opera on the real machine (desktop). After importing it, the email applications still complained. I already suspected that the CN (Common Name) was not matching, because it was issued for 'www.<server>.com' but IMAP was accessing 'imap.<server>.com'.

    Unfortunately, i couldn't easily retrieve the SSL certificate used when connecting to imap.<server>.com:993 from a browser or email client (all on the _real_ computer) so it took some time to find a way.

    I found this page and it did the job. Just install xterm (or even better wTerm) together with OpenSSL from PreWare before you start. Issue the retrieval command and then pay attention to the "Copy from the "-----BEGIN CERTIFICATE-----" to the "-----END CERTIFICATE-----" , and save it in your directory as .pem" part.

    But i suggest doing this on a proper Linux-based desktop/workstation (or Windows if you can source a proper SSL client tool). The available software / tools on a TouchPad (or Pre xyz) are just too rudimentary and abysmal in usage / handling for not getting angry in between.

    Pay attention that is is probably way too complicated for end-users (=consumers), but you'll have to find your way around with this as a start.
    "On ComScore's smartphone market share chart, Nokia's Symbian comes in dead last at 0.5% of the market. Somewhere below that are a few holdout open-source WebOS users who just can't let their dream go." -- Jason Notte // thestreet
  2. thg
    thg is offline
    thg's Avatar
    Posts
    238 Posts
    Global Posts
    261 Global Posts
    #2  
    Quote Originally Posted by don_falcone View Post
    I found this page and it did the job. Just install xterm (or even better wTerm) together with OpenSSL from PreWare before you start. Issue the retrieval command and then pay attention to the "Copy from the "-----BEGIN CERTIFICATE-----" to the "-----END CERTIFICATE-----" , and save it in your directory as .pem" part.
    this was the solution for my Strato.de IMAP/SMTP SSL problem too!

    Thanks a lot,
  3. #3  
    Hi,
    thanks for providing the instructions how to solve that sort of problem. However, it did not quite work for me. When validating my email setup my Pre says "Requested encryption not supported by server" (in German original: "Angeforderte Verschlüsselung vom Server nicht unterstützt."

    I am on Pre3 with an email account which worked fine with SSL encryption until 25 Jan 2015. Then my mail host changed the certificate on the server mail.mx6-sysproserver.de as can be seen here:
    https://sslanalyzer.comodoca.com/?ur...erver.de%3A993.

    Following the above instructions I used a Linux-PC shell to download the certificate by doing this:

    openssl s_client -showcerts -connect mail.mx6-sysproserver.de:993

    which gave me the dump shown below. I took the first block

    -----BEGIN CERTIFICATE-----
    ...
    -----END CERTIFICATE-----

    copied it in a file called mail.mx6-sysproserver.de.pem and placed this file on my Pre3 into the directory
    /etc/ssl/certs/trustedcerts

    Well, as I said I can still not use SSL to get my email. Needless to say, I rebooted the Pre. Anyone here who can tell me what I am doing wrong? Might be obvious to the ones knowing the littel sectrets...

    Any help is very much appreciated!

    Thanks,
    Tom

    ================================



    CONNECTED(00000003)
    depth=1 C = US, O = GeoTrust Inc., CN = RapidSSL SHA256 CA - G3
    verify error:num=20:unable to get local issuer certificate
    verify return:0
    ---
    Certificate chain
    0 s:/OU=GT58003354/OU=See Read the RapidSSL agreements for free SSL certificates, wildcard SSL certificates and other RapidSSL products. (c)15/OU=Domain Control Validated - RapidSSL(R)/CN=mail.mx6-sysproserver.de
    i:/C=US/O=GeoTrust Inc./CN=RapidSSL SHA256 CA - G3
    -----BEGIN CERTIFICATE-----
    MIIEtzCCA5+gAwIBAgIDAe5cMA0GCSqGSIb3DQEBCwUAMEcxCzAJBgNVBAYTAlVT
    MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMSAwHgYDVQQDExdSYXBpZFNTTCBTSEEy
    NTYgQ0EgLSBHMzAeFw0xNTAxMjYxNzMzMzRaFw0xNjAyMjgxOTQ0NDJaMIGcMRMw
    EQYDVQQLEwpHVDU4MDAzMzU0MTEwLwYDVQQLEyhTZWUgd3d3LnJhcGlkc3NsLmNv
    bS9yZXNvdXJjZXMvY3BzIChjKTE1MS8wLQYDVQQLEyZEb21haW4gQ29udHJvbCBW
    YWxpZGF0ZWQgLSBSYXBpZFNTTChSKTEhMB8GA1UEAxMYbWFpbC5teDYtc3lzcHJv
    c2VydmVyLmRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA16k67c08
    RI37eVwqocOgPnGMdDP2d1bSHjRvPTwWSaX7OnJNCeTSwANHGX2GOpOGizcoKMU+
    39xUMxXalQGU9zwkrShQWR2dX6+0Stn7yH8z9s0Q1J4xRFmCQ++ZjbOuTb9tZHme
    r2xPkjds+0iZwJpn7yyVq+AUQkX/Zsxsoiw7zY0GVcz86zv6Vse0ik4rjsmyhkhD
    nro1rzkvE9WWpo3PrB8fbYO7H/WmrpgEgMQ/O+VIyX5K/TQTaICnVb1+GPAY6DMB
    XaZPlqqrPGHPZ2d6V1Kbe0hlHn7z3Qfzi8ZxwTrN+AgO9d5daUwdlksbGR7lm4Il
    +5U/RJG7s9rxbwIDAQABo4IBVDCCAVAwHwYDVR0jBBgwFoAUw5zz/NNGCDS7zkZ/
    oHxb8+IIy1kwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNodHRwOi8vZ3Yu
    c3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vZ3Yuc3ltY2IuY29tL2d2LmNy
    dDAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC
    MCMGA1UdEQQcMBqCGG1haWwubXg2LXN5c3Byb3NlcnZlci5kZTArBgNVHR8EJDAi
    MCCgHqAchhpodHRwOi8vZ3Yuc3ltY2IuY29tL2d2LmNybDAMBgNVHRMBAf8EAjAA
    MEUGA1UdIAQ+MDwwOgYKYIZIAYb4RQEHNjAsMCoGCCsGAQUFBwIBFh5odHRwczov
    L3d3dy5yYXBpZHNzbC5jb20vbGVnYWwwDQYJKoZIhvcNAQELBQADggEBAFwUfhMm
    F32bxOHM4bzbAPjle6uNHC5LWGbZELa8SmRu4AJFis6RL8ejnAnNckMNAcGuRJXt
    An/tjoJ2dE2q+VfEqlj0z5SgKWC0QMVBViyvK++cVis5uujpZ0oCp/HAY6+CHrBh
    7w9eqQGF5729Y0aFdzFWHHGODb+Ty+Rx1XsKljVBQ7cFZ+wgrB/yweYZDjr/24Tu
    lk94ufPYxgWwExfmAHElU+c2Bua8HXOQU/d4Ke2yxjQrRmZnqtCO5k+PhUJLYTVM
    C2YPk9zAqrP4+GGaADkzioDS5PiGUCftToUWCEdFa7+0jziegjdhlqnBB1sjyRST
    dcWi9GLsijtQbMU=
    -----END CERTIFICATE-----
    1 s:/C=US/O=GeoTrust Inc./CN=RapidSSL SHA256 CA - G3
    i:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
    -----BEGIN CERTIFICATE-----
    MIIEJTCCAw2gAwIBAgIDAjp3MA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNVBAYTAlVT
    MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i
    YWwgQ0EwHhcNMTQwODI5MjEzOTMyWhcNMjIwNTIwMjEzOTMyWjBHMQswCQYDVQQG
    EwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEgMB4GA1UEAxMXUmFwaWRTU0wg
    U0hBMjU2IENBIC0gRzMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCv
    VJvZWF0eLFbG1eh/9H0WA//Qi1rkjqfdVC7UBMBdmJyNkA+8EGVf2prWRHzAn7Xp
    SowLBkMEu/SW4ib2YQGRZjEiwzQ0Xz8/kS9EX9zHFLYDn4ZLDqP/oIACg8PTH2lS
    1p1kD8mD5xvEcKyU58Okaiy9uJ5p2L4KjxZjWmhxgHsw3hUEv8zTvz5IBVV6s9cQ
    DAP8m/0Ip4yM26eO8R5j3LMBL3+vV8M8SKeDaCGnL+enP/C1DPz1hNFTvA5yT2AM
    QriYrRmIV9cE7Ie/fodOoyH5U/02mEiN1vi7SPIpyGTRzFRIU4uvt2UevykzKdkp
    YEj4/5G8V1jlNS67abZZAgMBAAGjggEdMIIBGTAfBgNVHSMEGDAWgBTAephojYn7
    qwVkDBF9qn1luMrMTjAdBgNVHQ4EFgQUw5zz/NNGCDS7zkZ/oHxb8+IIy1kwEgYD
    VR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAQYwNQYDVR0fBC4wLDAqoCig
    JoYkaHR0cDovL2cuc3ltY2IuY29tL2NybHMvZ3RnbG9iYWwuY3JsMC4GCCsGAQUF
    BwEBBCIwIDAeBggrBgEFBQcwAYYSaHR0cDovL2cuc3ltY2QuY29tMEwGA1UdIARF
    MEMwQQYKYIZIAYb4RQEHNjAzMDEGCCsGAQUFBwIBFiVodHRwOi8vd3d3Lmdlb3Ry
    dXN0LmNvbS9yZXNvdXJjZXMvY3BzMA0GCSqGSIb3DQEBCwUAA4IBAQCjWB7GQzKs
    rC+TeLfqrlRARy1+eI1Q9vhmrNZPc9ZE768LzFvB9E+aj0l+YK/CJ8cW8fuTgZCp
    fO9vfm5FlBaEvexJ8cQO9K8EWYOHDyw7l8NaEpt7BDV7o5UzCHuTcSJCs6nZb0+B
    kvwHtnm8hEqddwnxxYny8LScVKoSew26T++TGezvfU5ho452nFnPjJSxhJf3GrkH
    uLLGTxN5279PURt/aQ1RKsHWFf83UTRlUfQevjhq7A6rvz17OQV79PP7GqHQyH5O
    ZI3NjGFVkP46yl0lD/gdo0p0Vk8aVUBwdSWmMy66S6VdU5oNMOGNX2Esr8zvsJmh
    gP8L8mJMcCaY
    -----END CERTIFICATE-----
    ---
    Server certificate
    subject=/OU=GT58003354/OU=See Read the RapidSSL agreements for free SSL certificates, wildcard SSL certificates and other RapidSSL products. (c)15/OU=Domain Control Validated - RapidSSL(R)/CN=mail.mx6-sysproserver.de
    issuer=/C=US/O=GeoTrust Inc./CN=RapidSSL SHA256 CA - G3
    ---
    No client certificate CA names sent
    ---
    SSL handshake has read 2616 bytes and written 555 bytes
    ---
    New, TLSv1/SSLv3, Cipher is AES256-SHA
    Server public key is 2048 bit
    Secure Renegotiation IS supported
    Compression: NONE
    Expansion: NONE
    SSL-Session:
    Protocol : TLSv1.1
    Cipher : AES256-SHA
    Session-ID: C07034F8447683BBF645938454E6B2D88CD99ABD541965E88C8487AA7CE8EF4E
    Session-ID-ctx:
    Master-Key: 146089D2CB1FE9766929BB78B49C1B7DF90D898CB4E5258F5139242E4047C28563F1EFB5B031D253C0BA991C0DD5A91D
    Key-Arg : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
    0000 - 73 9c 5c 47 d5 14 7d 8f-37 14 d6 ec d1 87 4c 06 s.\G..}.7.....L.
    0010 - 10 50 f1 48 75 87 d0 62-62 b9 e6 de 72 bb 52 86 .P.Hu..bb...r.R.
    0020 - 34 e2 2f 37 8d 64 35 cc-d3 ec 78 22 ef 4f 85 32 4./7.d5...x".O.2
    0030 - 17 fb 97 df 69 d7 ba 44-24 bf 2d 6f 04 81 b0 53 ....i..D$.-o...S
    0040 - 6e c4 6a 7e f1 dc 59 98-11 46 6e 84 e3 a0 cf d1 n.j~..Y..Fn.....
    0050 - 80 99 3e 19 b0 54 c2 31-de c9 fb a7 04 4f c8 aa ..>..T.1.....O..
    0060 - fc 96 80 dd 7c 14 a9 64-13 9c 88 5e 64 bb 2f 49 ....|..d...^d./I
    0070 - f2 c9 1c a4 e2 78 5c d4-b2 56 15 8c 56 f7 b4 eb .....x\..V..V...
    0080 - ba c2 48 73 24 7d 5d 68-e7 49 4d 7c 96 6b 32 2f ..Hs$}]h.IM|.k2/
    0090 - 68 6b 9d 86 24 db e7 a6-69 9b fb 8a 38 5e e6 88 hk..$...i...8^..

    Start Time: 1422909652
    Timeout : 300 (sec)
    Verify return code: 20 (unable to get local issuer certificate)
    ---
    * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN AUTH=LOGIN] server ready
  4. #4  
    I have the same issue as blonthomas and I've posted a thread here a while back. I've seen and used instructions linked here in the past and gotten the "Verify return code: 0 (ok)". However the "encryption not supported by server" remained. Haven't been able to use the native email client since October 2014
  5. #5  
    Hi,

    not sure if this helps, but I noticed two things.
    1. The dump shows two certs, the 2nd being from the Issuer. Maybe that changed as well
    2. When I did this, I always saved my .pem files somewhere in internal and then used Internalz pro to open it and thus add it to the certificate manager. Not sure if copying the file to the /etc/ssl folder is equivalent.

    The certificate manager also shows you details of a cert. You can get to it via "device info"->menu

    hope that helps.

    Regards,
    UW
    Handspring Visor -> Palm Centro -> HP Pre 3 / HP TP 4G -> amazon fire phone 64GB
  6. #6  
    HerrSchwarz5, thanks, you saved the day!!! Now all works like a breeze and it is indeed so simple.

    I put it together completely one more time for others to also benefit. I am sure there are many out there going nuts due to the same problem.

    ##################################################

    I used a Linux-PC shell to download the certificate by doing this:

    openssl s_client -showcerts -connect mail.mx6-sysproserver.de:993

    which gave me the dump shown in my previous post above. I took the first block

    -----BEGIN CERTIFICATE-----
    ...
    -----END CERTIFICATE-----

    copied it in a file called arbitrarily mail.mx6-sysproserver.de.pem and placed this file on my Pre3 into the directory
    /media/internal which is what you access as a default directory when connecting the Pre to a PC as a USB drive.
    No need to fiddle around with Xecutah to transfer the file to /etc/ssl/certs or the like.

    Now comes the key action being as simple as that:
    Use Internalz Pro to open this file on the Pre. I hit the "Trust certificate" key which comes up although I do not
    know if that second step is necessary. Closed it, went to the email tool, setup the account of interest for SSL
    encryption and BANG, SSL works now.

    That's all.

    ##################################################

    I repeated this step for the smtp server which is associated with this account doing
    openssl s_client -showcerts -connect smtp.mx6-sysproserver.de:465
    and the rest of the story is the same. So sending emails is possible again too.
    This used to be totally blocked since the provider would not allow anymore to send email w/o encrypted authentication.

    I did the whole thing for an email account hosted by strato.de, starting by using these commands:
    openssl s_client -showcerts -connect imap.strato.de:993
    openssl s_client -showcerts -connect smtp.strato.de:465

    Same success.


    So send cookies to HerrSchwarz5 - plenty!

    Thanks to the community,
    Tom
  7. #7  
    Yes that second step is indeed required, because opening it simply displays the cert, while trust adds it to the trust store. I've figured out how to replace existing expired certs in /etc/ssl... but not how to add new ones. I am curious enough about it to look into it at some point.
  8. #8  
    Finally resolved this!!! I actually had 3 certs in my chain and in the past when I've tried this I probably just grabbed the first one. This time I created 3 separate .pem files, one for each cert, and accepted all 3 of them. Email is back! Thanks much, guys
  9. #9  
    Don't forget: If you have the .pem-files and put them on the device you can also trust the certificates by using Device Info - Certificate Manager... (on a Touchpad that is).
  10. #10  
    A couple of days ago, I noticed that I wasn't receiving email for my Yahoo account (set up got the "requested encryption not supported by server" for my Yahoo Mail accounts (IMAP). And after a few frustrating hours manually finding certificates (and not solving the problem), I found this discussion.
    This totally solved the problem.

    I followed the steps outlined in previous posts. Here's a quick summary:
    1. Using Terminal on my Mac, I entered this on the command line:
    openssl s_client -showcerts -connect imap.mail.yahoo.com:993
    That gave me output similar to the ones shown in previous posts. It also showed two certificates.

    2. I copied and pasted each certificate (starting with -----BEGIN CERTIFICATE----- and ending with -----END CERTIFICATE-----) to a separate text document, with the .pem extension in the file name.

    3. I copied these to my VEER (via WifiFileSharing but you can also use the USB connection) to a folder in /media/internal/

    4. On my VEER, I navigated to those files with Internalz and opened them.

    5. Opening the files launched the Certificate Manager — which gave me an error that said "Invalid Certificate, The file __ cannot be opened because it is not a valid security certificate file format."

    6. I OKAYed the error and then clicked on the add certificate icon (the one that has a plus sign over a gear or starburst). I selected my files and said "Trust Certificate"

    7. I checked my email right away, and it worked! (I didn't even need to restart.)

    Hope that helps!

    Thanks to the community for all the help in keeping my VEER running.

    Jack
    Last edited by lohjack1; 03/26/2015 at 03:53 PM.
  11. #11  
    I have a Palm Pre Classic running 1.4.5 and had the Yahoo SSL issue crop up this week. I pulled down the certificates on my Linux PC and followed lohjack1's steps without success, though I didn't have the issue he did in step 5. Details:

    imap.mail.yahoo.com:993
    1) VeriSign (Self-Signed)
    2) Symantec (Issued by VeriSign)
    3) *.imap.mail.yahoo.com (Issued by Symantec)

    smtp.mail.yahoo.com:465
    1) DigiCert (Self-Signed)
    2) smtp.mail.yahoo.com (Issued by DigiCert)

    I installed all five certificates to (hopefully) make the chain happy but even after a restart nothing has improved.

    Anybody have any other ideas?
  12. #12  
    Quote Originally Posted by IronManRust View Post
    I have a Palm Pre Classic running 1.4.5 and had the Yahoo SSL issue crop up this week. I pulled down the certificates on my Linux PC and followed lohjack1's steps without success, though I didn't have the issue he did in step 5. Details:

    imap.mail.yahoo.com:993
    1) VeriSign (Self-Signed)
    2) Symantec (Issued by VeriSign)
    3) *.imap.mail.yahoo.com (Issued by Symantec)

    smtp.mail.yahoo.com:465
    1) DigiCert (Self-Signed)
    2) smtp.mail.yahoo.com (Issued by DigiCert)

    I installed all five certificates to (hopefully) make the chain happy but even after a restart nothing has improved.

    Anybody have any other ideas?
    I followed the steps by lohjack1. I didn't get any error about invalid certificate at step 5 either. But its working fine for me.

    When you installed the Certificates from Internalz App did it open in the Certificate Manager ?
  13. #13  
    Quote Originally Posted by IronManRust View Post
    I have a Palm Pre Classic running 1.4.5 and had the Yahoo SSL issue crop up this week. I pulled down the certificates on my Linux PC and followed lohjack1's steps without success, though I didn't have the issue he did in step 5. Details:

    imap.mail.yahoo.com:993
    1) VeriSign (Self-Signed)
    2) Symantec (Issued by VeriSign)
    3) *.imap.mail.yahoo.com (Issued by Symantec)

    smtp.mail.yahoo.com:465
    1) DigiCert (Self-Signed)
    2) smtp.mail.yahoo.com (Issued by DigiCert)

    I installed all five certificates to (hopefully) make the chain happy but even after a restart nothing has improved.

    Anybody have any other ideas?
    Can someone please upload these 5 certificates for these two imap and smtp yahoo servers?

    I don't have unix shell where i can run openssl command.

    Thanks
    Last edited by palmpre06062009; 03/01/2015 at 06:54 PM.
    Sent via HP TouchPad using Forums
  14. #14  
    Quote Originally Posted by palmpre06062009 View Post
    Can someone please upload these 5 certificates for these two imap and smtp yahoo servers?

    I don't have unix shell where i can run openssl command.

    Thanks
    I downloaded windows version of ready to go openssl.exe file You can download them from here

    indy.fulgan.com - /SSL/

    Just run the openssl command listed in this thread from the dos prompt in the directory where the openssl.exe and two *.dll files are stored.

    I got the certificates.
    Sent via HP TouchPad using Forums
  15. #15  
    Quote Originally Posted by IronManRust View Post
    I have a Palm Pre Classic running 1.4.5 and had the Yahoo SSL issue crop up this week. I pulled down the certificates on my Linux PC and followed lohjack1's steps without success, though I didn't have the issue he did in step 5. Details:

    imap.mail.yahoo.com:993
    1) VeriSign (Self-Signed)
    2) Symantec (Issued by VeriSign)
    3) *.imap.mail.yahoo.com (Issued by Symantec)

    smtp.mail.yahoo.com:465
    1) DigiCert (Self-Signed)
    2) smtp.mail.yahoo.com (Issued by DigiCert)

    I installed all five certificates to (hopefully) make the chain happy but even after a restart nothing has improved.

    Anybody have any other ideas?
    I installed all the 5 certificates without any issues, but still not working. What the hell. Somebody please help.

    Thanks.
    Sent via HP TouchPad using Forums
  16. #16  
    Quote Originally Posted by palmpre06062009 View Post
    I installed all the 5 certificates without any issues, but still not working. What the hell. Somebody please help.

    Thanks.
    Additional Update: I followed the same exact procedure for both Palm Pre 1.4.5 and HP Touchpad 3.0.5.

    The above worked for Touchpad, but not Palm Pre 1.4.5 version. Not sure if I need to delete and add back the account for this to work.

    Will keep folks posted.

    Thanks for all your help.
    Sent via HP TouchPad using Forums
  17. #17  
    Quote Originally Posted by palmpre06062009 View Post
    Additional Update: I followed the same exact procedure for both Palm Pre 1.4.5 and HP Touchpad 3.0.5.

    The above worked for Touchpad, but not Palm Pre 1.4.5 version. Not sure if I need to delete and add back the account for this to work.

    Will keep folks posted.

    Thanks for all your help.
    I tried adding a new yahoo account to my email on Palm Pre. As soon as I click sign in, it says invalid security certificate. Somehow it doesn't like these certificates.

    Any help? Thx
    Sent via HP TouchPad using Forums
  18. #18  
    Quote Originally Posted by palmpre06062009 View Post
    I tried adding a new yahoo account to my email on Palm Pre. As soon as I click sign in, it says invalid security certificate. Somehow it doesn't like these certificates.

    Any help? Thx
    I am able to send email from my Palm Pre. So the outgoing smtp server certificate seems to be ok.

    Still struggling with the incoming imap server. WTF.
    Sent via HP TouchPad using Forums
  19. #19  
    Quote Originally Posted by palmpre06062009 View Post
    I am able to send email from my Palm Pre. So the outgoing smtp server certificate seems to be ok.

    Still struggling with the incoming imap server. WTF.
    Does openssl.cnf configuration file play any role here? it seems to specify various paths to folders for the certificates. Since I am running the openssl.exe on a windows platform I see the following

    openssl s_client -showcerts -connect imap.mail.yahoo.com:993

    WARNING: can't open config file: /usr/local/ssl/openssl.cnf
    Loading 'screen' into random state - done


    CONNECTED(00000750)
    depth=2 C = US, O = "VeriSign, Inc.", OU = VeriSign Trust Network, OU = "(c) 200
    6 VeriSign, Inc. - For authorized use only", CN = VeriSign Class 3 Public Primar
    y Certification Authority - G5
    verify error:num=20:unable to get local issuer certificate
    ---
    Certificate chain
    0 s:/C=US/ST=California/L=Sunnyvale/O=Yahoo Inc./OU=Information Technology/CN=*
    .imap.mail.yahoo.com
    i:/C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 3
    Secure Server CA - G4
    -----BEGIN CERTIFICATE-----
    Sent via HP TouchPad using Forums
  20. #20  
    The Yahoo SSL Certificate Error says The SERVER security certificate is invalid. I just checked the server security certificate via digicert.com

    DNS resolves 'palm.imap.mail.yahoo.com' to 98.136.164.205

    SSL certificate

    Common Name = *.imap.mail.yahoo.com
    Subject Alternative Names = *.imap.mail.yahoo.com, imap.mail.yahoo.com
    Issuer = Symantec Class 3 Secure Server CA - G4
    Serial Number = 1B837C2D3FB7155B4C4F77447156C2B3
    SHA1 Thumbprint = A920541D377A4249259BCC59846A1FAF621B4287
    Key Length = 2048 bit
    Signature algorithm = SHA256 + RSA (excellent)
    Secure Renegotiation: Supported
    This certificate does not use a vulnerable Debian key (this is good)

    SSL Certificate has not been revoked

    OCSP Staple:
    OCSP Origin:
    CRL Status:

    SSL Certificate expiration

    The certificate expires February 24, 2016 (359 days from today)

    Certificate Name matches palm.imap.mail.yahoo.com


    Subject *.imap.mail.yahoo.com
    Valid from 24/Feb/2015 to 24/Feb/2016
    Issuer Symantec Class 3 Secure Server CA - G4


    Subject Symantec Class 3 Secure Server CA - G4
    Valid from 31/Oct/2013 to 30/Oct/2023
    Issuer VeriSign Class 3 Public Primary Certification Authority - G5


    Subject VeriSign Class 3 Public Primary Certification Authority - G5
    Valid from 08/Nov/2006 to 07/Nov/2021
    Issuer VeriSign, Inc.
    SSL Certificate is correctly installed

    Congratulations! This certificate is correctly installed.
    Attached Files Attached Files
    Sent via HP TouchPad using Forums
Page 1 of 3 123 LastLast

Posting Permissions