cancel
Showing results for 
Search instead for 
Did you mean: 

SSL certificate rejected.

DavidHH
Grafter
Posts: 68
Registered: ‎03-08-2007

SSL certificate rejected.

SSL certificate rejected - that was the message returned a few moments ago when trying to send an email.
Time to wait for something better? Time to panic?
14 REPLIES 14
bobpullen
Community Gaffer
Community Gaffer
Posts: 16,869
Thanks: 4,950
Fixes: 315
Registered: ‎04-04-2007

Re: SSL certificate rejected.

Can't help but wonder whether or not this is anything to do with the maintenance work earlier this afternoon. We've added four new mail servers to the relay platform and I'm wondering whether or not you're hitting one of these when you try to send email?
Is the problem intermittent?
Also, what mail client are you using and are any of the SSL/TLS or authentication methods selected in your outbound mail properties?

Bob Pullen
Plusnet Product Team
If I've been helpful then please give thanks ⤵

DavidHH
Grafter
Posts: 68
Registered: ‎03-08-2007

Re: SSL certificate rejected.

Thanks, Yes, I wondered about the maintenance work. This seems to have been a temporary glitch.
bobpullen
Community Gaffer
Community Gaffer
Posts: 16,869
Thanks: 4,950
Fixes: 315
Registered: ‎04-04-2007

Re: SSL certificate rejected.

Are you using a MAC by any chance?

Bob Pullen
Plusnet Product Team
If I've been helpful then please give thanks ⤵

JohnD
Newbie
Posts: 4
Registered: ‎15-10-2007

Re: SSL certificate rejected.

I'm also getting this problem on a PC running Windows XP sp3; mail client is Eudora 5.1
I had it early this morning a few times, restarted the PC and the problem seemed to go away.  Now it's back again, despite restarts.  Messages are:
Connecting to the Mail Server----, EHLO John-(my computername).jdavis1.plus.com [02:43:36 PM]
SSL Negotiation Failed: Certificate Error: Cert Chain not trusted. Try adding this certificate to your certificate database for SSL to succeed. Certificate bad: Destination Host name does not match host in certiciate   Cause:  (-6995)
I'm not aware of useing SSL for my email, so presumably that's at the server end?
I seem to be able to receive email OK, but can't send it via my email client.
Regards,
John
JohnD
Newbie
Posts: 4
Registered: ‎15-10-2007

Re: SSL certificate rejected.

Subsequent to my earlier post (a few minutes ago).  I managed to send the email.
I looked at my email account settings, and there's an option (the default, I think) for "Secure Sockets When Sending" which I think has defaulted to the value "IF AVAILABLE, STARTTLS" (whatever that means!)
I've changed that to NEVER, and now have been able to send my email.
So, my immediate problem has gone away.
But I haven't changed anything - presumably there's been an environmental change at the Plusnet end, and maybe a certificate needs a Spring clean?
Regards,
John
bobpullen
Community Gaffer
Community Gaffer
Posts: 16,869
Thanks: 4,950
Fixes: 315
Registered: ‎04-04-2007

Re: SSL certificate rejected.

Quote from: JohnD
But I haven't changed anything - presumably there's been an environmental change at the Plusnet end, and maybe a certificate needs a Spring clean?

Yes there has, it's the maintenance work I linked to in my earlier post.
Basically, the new outbound mail servers advertise TLS whereas the old ones don't.
[quote author="Relay"]Connected to relay.plus.net.
Escape character is '^]'.
220 relay.plus.net ESMTP Exim Wed, 12 May 2010 17:43:38 +0100
ehlo relay
250-pih-relay04.plus.net Hello relay [84.93.217.165]
250-SIZE 104857600
250-PIPELINING
250-AUTH PLAIN LOGIN
250 HELP
[quote author="OutMX"]Connected to relay.plus.net.
Escape character is '^]'.
220 relay.plus.net ESMTP Exim Wed, 12 May 2010 17:44:03 +0100
ehlo relay
250-outmx01.plus.net Hello relay [84.93.217.165]
250-SIZE 104857600
250-8BITMIME
250-PIPELINING
250-AUTH PLAIN LOGIN
250-STARTTLS
250 HELP
The certificate is self signed though which is what your mail client seems to be barfing at. Most clients will present a warning but give you the option to override it, doesn't look like Eudora does Sad

Bob Pullen
Plusnet Product Team
If I've been helpful then please give thanks ⤵

MisterW
Superuser
Superuser
Posts: 14,572
Thanks: 5,408
Fixes: 385
Registered: ‎30-07-2007

Re: SSL certificate rejected.

Bob,
Does that mean that the new relay servers are likely to support secure authentication soon ?

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.

bobpullen
Community Gaffer
Community Gaffer
Posts: 16,869
Thanks: 4,950
Fixes: 315
Registered: ‎04-04-2007

Re: SSL certificate rejected.

They'll support TLS however as I've mentioned the cert will be self signed for the time being.

Bob Pullen
Plusnet Product Team
If I've been helpful then please give thanks ⤵

bobpullen
Community Gaffer
Community Gaffer
Posts: 16,869
Thanks: 4,950
Fixes: 315
Registered: ‎04-04-2007

Re: SSL certificate rejected.

In fact, I've been thinking a bit about this overnight and reckon that it's probably sensible to switch of TLS fro the time being in light of the problems a few of you have reported in this thread.
At the moment, there's only four OutMX servers live which means the problem is intermittent. Once all the servers are live though, and the relays retired, then the problem will become persistent. I can see this causing some pain for customers and our technical helpdesk.
There's more work to be done on the outbound mail platform over the coming weeks/months, and as we introduce more functionality then we can always look at switching TLS back on at a later date.
I'll update this post once it's been switched off...

Bob Pullen
Plusnet Product Team
If I've been helpful then please give thanks ⤵

MisterW
Superuser
Superuser
Posts: 14,572
Thanks: 5,408
Fixes: 385
Registered: ‎30-07-2007

Re: SSL certificate rejected.

Quote
At the moment, there's only four OutMX servers live which means the problem is intermittent.

That figures!, I added an additional smtp server to Thunderbird using TLS and it seemed to work. I then changed that to be the default and it stopped working !!!. Must have just been luck the first time that I connected to a server that supported it, then subsequently got the old servers which didnt. Couldnt understand it at the time but it makes sense now from your last post.

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.

Gel
Aspiring Champion
Posts: 2,332
Thanks: 299
Fixes: 29
Registered: ‎02-08-2007

Re: SSL certificate rejected.

I am having difficulty sending (intermittently) with Thunderbird.
Selecting "Accept this certificate permanently", doesn't fix.
Screenshots may assist. Undecided
bobpullen
Community Gaffer
Community Gaffer
Posts: 16,869
Thanks: 4,950
Fixes: 315
Registered: ‎04-04-2007

Re: SSL certificate rejected.

Accepting the certificate permanently will fix that particular issue although it will cease to occur anyway once TLS has been switched off.

Bob Pullen
Plusnet Product Team
If I've been helpful then please give thanks ⤵

softhedgehog
Dabbler
Posts: 11
Thanks: 1
Registered: ‎15-03-2010

Re: SSL certificate rejected.

I have been away for a few days, but when I tried to send yesterday, the first email worked OK but the second did not, even with several tries.  I clicked on "accept for this session" and all was OK.  This afternoon, I had a similar problem.
What is the correct solution, so that I don't get these warnings every time I try to send mail?  Can this solution be advertised somewhere more prominent?
I am using Thunderbird under Ubuntu (Karmic) Linux
bobpullen
Community Gaffer
Community Gaffer
Posts: 16,869
Thanks: 4,950
Fixes: 315
Registered: ‎04-04-2007

Re: SSL certificate rejected.

Quote from: Bob
... it will cease to occur anyway once TLS has been switched off.

TLS has now been disabled so you should no longer encounter the intermittent certificate errors.

Bob Pullen
Plusnet Product Team
If I've been helpful then please give thanks ⤵