SSL certificate rejected.
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Plusnet Community
- :
- Forum
- :
- Help with my Plusnet services
- :
- :
- Re: SSL certificate rejected.
SSL certificate rejected.
11-05-2010 8:04 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Time to wait for something better? Time to panic?
Re: SSL certificate rejected.
11-05-2010 8:31 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Is the problem intermittent?
Also, what mail client are you using and are any of the SSL/TLS or authentication methods selected in your outbound mail properties?
Bob Pullen
Plusnet Product Team
If I've been helpful then please give thanks ⤵
Re: SSL certificate rejected.
11-05-2010 8:36 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Re: SSL certificate rejected.
12-05-2010 1:15 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Bob Pullen
Plusnet Product Team
If I've been helpful then please give thanks ⤵
Re: SSL certificate rejected.
12-05-2010 2:48 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
I had it early this morning a few times, restarted the PC and the problem seemed to go away. Now it's back again, despite restarts. Messages are:
Connecting to the Mail Server----, EHLO John-(my computername).jdavis1.plus.com [02:43:36 PM]
SSL Negotiation Failed: Certificate Error: Cert Chain not trusted. Try adding this certificate to your certificate database for SSL to succeed. Certificate bad: Destination Host name does not match host in certiciate Cause: (-6995)
I'm not aware of useing SSL for my email, so presumably that's at the server end?
I seem to be able to receive email OK, but can't send it via my email client.
Regards,
John
Re: SSL certificate rejected.
12-05-2010 2:58 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
I looked at my email account settings, and there's an option (the default, I think) for "Secure Sockets When Sending" which I think has defaulted to the value "IF AVAILABLE, STARTTLS" (whatever that means!)
I've changed that to NEVER, and now have been able to send my email.
So, my immediate problem has gone away.
But I haven't changed anything - presumably there's been an environmental change at the Plusnet end, and maybe a certificate needs a Spring clean?
Regards,
John
Re: SSL certificate rejected.
12-05-2010 5:48 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Quote from: JohnD But I haven't changed anything - presumably there's been an environmental change at the Plusnet end, and maybe a certificate needs a Spring clean?
Yes there has, it's the maintenance work I linked to in my earlier post.
Basically, the new outbound mail servers advertise TLS whereas the old ones don't.
[quote author="Relay"]Connected to relay.plus.net.
Escape character is '^]'.
220 relay.plus.net ESMTP Exim Wed, 12 May 2010 17:43:38 +0100
ehlo relay
250-pih-relay04.plus.net Hello relay [84.93.217.165]
250-SIZE 104857600
250-PIPELINING
250-AUTH PLAIN LOGIN
250 HELP
[quote author="OutMX"]Connected to relay.plus.net.
Escape character is '^]'.
220 relay.plus.net ESMTP Exim Wed, 12 May 2010 17:44:03 +0100
ehlo relay
250-outmx01.plus.net Hello relay [84.93.217.165]
250-SIZE 104857600
250-8BITMIME
250-PIPELINING
250-AUTH PLAIN LOGIN
250-STARTTLS
250 HELP
The certificate is self signed though which is what your mail client seems to be barfing at. Most clients will present a warning but give you the option to override it, doesn't look like Eudora does
Bob Pullen
Plusnet Product Team
If I've been helpful then please give thanks ⤵
Re: SSL certificate rejected.
12-05-2010 7:10 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Does that mean that the new relay servers are likely to support secure authentication soon ?
Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.
Re: SSL certificate rejected.
12-05-2010 7:55 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Bob Pullen
Plusnet Product Team
If I've been helpful then please give thanks ⤵
Re: SSL certificate rejected.
13-05-2010 10:01 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
At the moment, there's only four OutMX servers live which means the problem is intermittent. Once all the servers are live though, and the relays retired, then the problem will become persistent. I can see this causing some pain for customers and our technical helpdesk.
There's more work to be done on the outbound mail platform over the coming weeks/months, and as we introduce more functionality then we can always look at switching TLS back on at a later date.
I'll update this post once it's been switched off...
Bob Pullen
Plusnet Product Team
If I've been helpful then please give thanks ⤵
Re: SSL certificate rejected.
13-05-2010 12:16 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Quote At the moment, there's only four OutMX servers live which means the problem is intermittent.
That figures!, I added an additional smtp server to Thunderbird using TLS and it seemed to work. I then changed that to be the default and it stopped working !!!. Must have just been luck the first time that I connected to a server that supported it, then subsequently got the old servers which didnt. Couldnt understand it at the time but it makes sense now from your last post.
Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.
Re: SSL certificate rejected.
13-05-2010 9:16 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Selecting "Accept this certificate permanently", doesn't fix.
Screenshots may assist.
Re: SSL certificate rejected.
14-05-2010 8:11 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Bob Pullen
Plusnet Product Team
If I've been helpful then please give thanks ⤵
Re: SSL certificate rejected.
15-05-2010 2:41 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
What is the correct solution, so that I don't get these warnings every time I try to send mail? Can this solution be advertised somewhere more prominent?
I am using Thunderbird under Ubuntu (Karmic) Linux
Re: SSL certificate rejected.
17-05-2010 11:38 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Quote from: Bob ... it will cease to occur anyway once TLS has been switched off.
TLS has now been disabled so you should no longer encounter the intermittent certificate errors.
Bob Pullen
Plusnet Product Team
If I've been helpful then please give thanks ⤵
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page