Re: How to import a root certificate

2017-08-28 Thread MFPA
Hi


On Monday 28 August 2017 at 1:17:23 PM, in
, Tom wrote:-



> Unfortunately TB makes it more difficult to deal with
> this than
> other clients like outlook.

I believe Outlook uses Microsoft CryptoAPI to manage S/MIME and TLS
certificates. TB! is more flexible because you have the additional
option of using the internal implementation.



> The error message is always like this:

> !28/08/2017,  22:03:54: FETCH - TLS handshake
> failure. The server host
> name ("xyz.somewhere.com") does not match the
> certificate.

The error message you reported seeing in your July 2014 thread was 
about the server not providing a root certificate during the session, 
and there being no root certificate in your address book. This new 
error message is reporting a different issue.



> !28/08/2017,  22:04:57: FETCH - TLS handshake
> failure. The server host
> name ("xyz.somewhere.com.au") does not match the
> certificate.

Compare the actual host name with the host name given in the 
certificate, work out what is different, then change one to match the 
other. 



> I tried ...

My previous advice was given when you were saying it was the exact 
same issue and the same error message as three years ago.

Now that you report a different problem, that advice is not relevant.



> And how would I
> add something to the cryptoAPI?  

Click the Windows start button (or press the Windows key), type 
certmgr.msc in the box and press enter. If it's not clear from there, 
ask a search engine how to add a certificate to "windows certificate 
store".



-- 
Best regards

MFPA  

It is not necessary to have enemies if you go out of your way to make friends 
hate you.

Using The Bat! v7.4.16.14 (BETA) on Windows 10.0 Build 15063  



Current version is 7.1 | 'Using TBUDL' information:
http://www.silverstones.com/thebat/TBUDLInfo.html


Re: How to import a root certificate

2017-08-28 Thread Tom


> Given the thread was three years ago, a description of the issues
> might be useful.

The  issue is just as I had explained in my original thread some years
ago.
Unfortunately TB makes it more difficult to deal with this than
other clients like outlook.

The error message is always like this:

!28/08/2017,  22:03:54: FETCH - TLS handshake failure. The server host
name ("xyz.somewhere.com") does not match the certificate.
 28/08/2017, 22:04:57: FETCH - receiving mail messages
 28/08/2017, 22:04:57: FETCH - Initiating TLS handshake
>28/08/2017,  22:04:57:  FETCH  - Certificate S/N:
>7C865050CzzC83B21132D5C,  algorithm: RSA (2048 bits), issued
>from 3/21/2017 to 6/20/2018 11:59:59 PM, for 1 host(s): www.somewhere.com.au.
>28/08/2017, 22:04:57: FETCH - Owner: www.somewhere.com.au.
>28/08/2017, 22:04:57: FETCH - Issuer: US, GeoTrust Inc., Domain Validated SSL, 
>GeoTrust DV SSL CA - G3.
!28/08/2017,  22:04:57: FETCH - TLS handshake failure. The server host
name ("xyz.somewhere.com.au") does not match the certificate.

> Assuming you are using TB!'s internal implementation to manage S/MIME 
> and TLS certificates rather than the Windows certificate store, you 
> could try the following:-


> In The Bat!, click the Tools menu on the top of the screen, and  
> select Address Book. 
> 
> Click View and select Certificate Address Books.
> 
> Right-click Trusted Root CA and select New Contact from the 
> context menu. 
> 
> Type the name of the CA in First name field. 
> 
> Select the Certificates tab and click Import
> 
> Locate the root certificate you downloaded from the CA, then 
> select the file and click Open. 
> 
> Once the root certificate is imported, click OK to apply changes 
> and exit the Address Book. 


> Or you could see if switching to Windows certificate store (Microsoft 
> CryptoAPI) side-steps the issue for you. (If it doesn't, either the 
> root certificate needs adding there too, or a missing root certificate
> is not the problem.)

I tried the first suggestion via address book several times but
really  am  not  clear what I need to import there. Is it the geotrust
root  certificate that is missing or do I need to add my new Quick SSL
certificate? I tried both without much happiness.  And how would I
add something to the cryptoAPI?


-- 
Tom
using TheBat! 4.2.33.9 on 7/64bit



Current version is 7.1 | 'Using TBUDL' information:
http://www.silverstones.com/thebat/TBUDLInfo.html


Re: How to import a root certificate

2017-08-28 Thread MFPA
Hi


On Monday 28 August 2017 at 9:53:19 AM, in
, Tom wrote:-


> Sorry,  I need to revive this thread as I have run
> into the exact same
> issues again. 

Given the thread was three years ago, a description of the issues
might be useful.



> So far I have been unable to solve the
> problem and would
> appreciate any guidance.
> Again  I  am  getting the same error messages after
> having updated the
> annual self-signed certificate purchased from geotrust.

I take it you create a self-signed certificate and submit it to
GeoTrust for them to add their signature.



> I have tried to import the root certificate but I
> probably need better
> advice  -  perhaps  last time I was lucky because
> this time I am stuck
> and after 3 years I can't remember all the steps.
> This time it affects two of my workstations with the
> exact same issue.  

Assuming you are using TB!'s internal implementation to manage S/MIME 
and TLS certificates rather than the Windows certificate store, you 
could try the following:-


In The Bat!, click the Tools menu on the top of the screen, and  
select Address Book. 

Click View and select Certificate Address Books.

Right-click Trusted Root CA and select New Contact from the 
context menu. 

Type the name of the CA in First name field. 

Select the Certificates tab and click Import

Locate the root certificate you downloaded from the CA, then 
select the file and click Open. 

Once the root certificate is imported, click OK to apply changes 
and exit the Address Book. 


Or you could see if switching to Windows certificate store (Microsoft 
CryptoAPI) side-steps the issue for you. (If it doesn't, either the 
root certificate needs adding there too, or a missing root certificate 
is not the problem.)


-- 
Best regards

MFPA  

Of course it's a good idea - it's mine! 

Using The Bat! v7.4.16.14 (BETA) on Windows 10.0 Build 15063  



Current version is 7.1 | 'Using TBUDL' information:
http://www.silverstones.com/thebat/TBUDLInfo.html


Re: How to import a root certificate

2017-08-28 Thread Tom

Friday, July 25, 2014, 10:07:32 PM, you wrote:

> Hi


> On Thursday 24 July 2014 at 6:19:42 AM, in
> , Tom wrote:



>> Sorry,  my  mistake,  badly  worded  -  don't  know
>> enough  about the terminology. We  purchased  a
>> certificate from Geotrust but while it was valid and
>> accepted  by  outlook  or  other mail program, TB
>> rejected it. I think the  reason was that there was no
>> global certificate from geotrust in the  addressbook.
>> Once  I  downloaded  and  imported  this,  our  new
>> certificate  for  the  mail  server was accepted and
>> the TLS handshake worked without further issues.  


> Ah, it all makes sense now.


Sorry,  I need to revive this thread as I have run into the exact same
issues again. So far I have been unable to solve the problem and would
appreciate any guidance.
Again  I  am  getting the same error messages after having updated the
annual self-signed certificate purchased from geotrust.
I have tried to import the root certificate but I probably need better
advice  -  perhaps  last time I was lucky because this time I am stuck
and after 3 years I can't remember all the steps.
This time it affects two of my workstations with the exact same issue.


-- 
Tom
using TheBat! 4.2.33.9 on Win7/64



Current version is 7.1 | 'Using TBUDL' information:
http://www.silverstones.com/thebat/TBUDLInfo.html


Re: How to import a root certificate

2014-07-25 Thread MFPA
Hi


On Thursday 24 July 2014 at 6:19:42 AM, in
mid:1803201600.20140724151...@sunnysydney.com, Tom wrote:



 Sorry,  my  mistake,  badly  worded  -  don't  know
 enough  about the terminology. We  purchased  a
 certificate from Geotrust but while it was valid and
 accepted  by  outlook  or  other mail program, TB
 rejected it. I think the  reason was that there was no
 global certificate from geotrust in the  addressbook.
 Once  I  downloaded  and  imported  this,  our  new
 certificate  for  the  mail  server was accepted and
 the TLS handshake worked without further issues.  


Ah, it all makes sense now.

-- 
Best regards

MFPAmailto:2014-667rhzu3dc-lists-gro...@riseup.net

Always borrow money from a pessimist - they don't expect it back

Using The Bat! v4.0.38 on Windows XP 5.1 Build 2600 Service Pack 3 



Current version is 6.1.8 | 'Using TBUDL' information:
http://www.silverstones.com/thebat/TBUDLInfo.html


Re: How to import a root certificate

2014-07-23 Thread Tom


 How do I import a root certificate. 

 It's several years since I needed to do this, and my memory of it is
 unclear. I think you set up an address book entry, import the
 certificate into that AB entry, view the certificate, go to the
 certification path tab, select the certificate you want to trust,
 and click add to trusted.

 I played about with self-certificates quite a few years ago, and just
 for email, not TLS. And I have had to import new root certificates a 
 few times, when email service providers changed server certificates 
 and when correspondents had s/mime certificates from a CA that was not
 already there or had expired. So no great wealth of experience on my 
 part.

Thank you very much - yes, the critical issue was that I had to import
the  Geotrust  Global  CA first. Once I had done that, our self-signed
certificate was fully validated.



-- 
Tom
using TheBat! 4.2.33.9 on XP



Current version is 6.1.8 | 'Using TBUDL' information:
http://www.silverstones.com/thebat/TBUDLInfo.html


Re: How to import a root certificate

2014-07-23 Thread MFPA
Hi


On Wednesday 23 July 2014 at 10:05:44 AM, in
mid:28389624.20140723190...@sunnysydney.com, Tom wrote:



 Thank you very much - yes, the critical issue was that
 I had to import the  Geotrust  Global  CA first. Once I
 had done that, our self-signed certificate was fully
 validated.  

I'm slightly confused. This suggests that after creating your
self-signed certificate, you then got it signed by Geotrust Global CA.

Importing (and trusting) the root certificates of all the CAs in the
world would not validate a certificate that was signed only by itself
and not by a CA.



-- 
Best regards

MFPAmailto:2014-667rhzu3dc-lists-gro...@riseup.net

Is it bad luck to be superstitious?

Using The Bat! v4.0.38 on Windows XP 5.1 Build 2600 Service Pack 3 



Current version is 6.1.8 | 'Using TBUDL' information:
http://www.silverstones.com/thebat/TBUDLInfo.html


Re: How to import a root certificate

2014-07-23 Thread Tom

Wednesday, July 23, 2014, 10:07:48 PM, you wrote:

 Hi


 On Wednesday 23 July 2014 at 10:05:44 AM, in
 mid:28389624.20140723190...@sunnysydney.com, Tom wrote:



 Thank you very much - yes, the critical issue was that
 I had to import the  Geotrust  Global  CA first. Once I
 had done that, our self-signed certificate was fully
 validated.  

 I'm slightly confused. This suggests that after creating your
 self-signed certificate, you then got it signed by Geotrust Global CA.

 Importing (and trusting) the root certificates of all the CAs in the
 world would not validate a certificate that was signed only by itself
 and not by a CA.


Sorry,  my  mistake,  badly  worded  -  don't  know  enough  about the
terminology.
We  purchased  a  certificate from Geotrust but while it was valid and
accepted  by  outlook  or  other mail program, TB rejected it. I think
the  reason was that there was no global certificate from geotrust in
the  addressbook.  Once  I  downloaded  and  imported  this,  our  new
certificate  for  the  mail  server was accepted and the TLS handshake
worked without further issues.




-- 
Tom
using TheBat! 4.2.33.9 on XP



Current version is 6.1.8 | 'Using TBUDL' information:
http://www.silverstones.com/thebat/TBUDLInfo.html


Re: How to import a root certificate

2014-07-19 Thread MFPA
Hi


On Thursday 17 July 2014 at 6:24:36 AM, in
mid:1117609439.20140717152...@sunnysydney.com, Tom wrote:



 using  TLS for email retrievals from our mail server
 now, we installed a  new  certificate  on  the  server.
 It's  a  valid  certificate but self-signed and while
 outlook and other mail programs are happy, my TB does
 not like it


Are the other MUAs actually happy, or just configured to ignore
errors? And, if the latter, are they really receiving the mail over an
encrypted connection or is it falling back to unencrypted?




 I  am  getting  an  alert  that  the  server  did  not
 provide a root certificate during the session, and
 there is no root certificate in my address  book.
 Connection may not be secure.  The options to view or
 add to trusted are greyed out. I have a choice to
 continue and if I do so I am getting my email. 

And when this happens, is it transmitted over an encrypted channel or 
not?



 But this
 is per email account and each time I want to retrieve
 emails, so not a working solution.

Indeed not.



 How do I import a root certificate. 

It's several years since I needed to do this, and my memory of it is
unclear. I think you set up an address book entry, import the
certificate into that AB entry, view the certificate, go to the
certification path tab, select the certificate you want to trust,
and click add to trusted.



 I can see the
 address book section and  the  import  function there
 but I am unclear on how to create the file  for import.
 What format should that be in?  

.cer, .p12, .pfx seem to work, at least. 



 I have an email with
 the  certificate  details (a quick SSL Basic SSL
 Certificate and could copy/paste  that  info  into a
 file but I suspect The Bat is looking for something
 more than a text file?

See above.



 I  did  some  searching but found either very old
 postings without any outcomes  or a simple import
 advice. Sorry I am not experienced enough and any
 assistance will be appreciated a lot.  

I played about with self-certificates quite a few years ago, and just 
for email, not TLS. And I have had to import new root certificates a 
few times, when email service providers changed server certificates 
and when correspondents had s/mime certificates from a CA that was not 
already there or had expired. So no great wealth of experience on my 
part.


-- 
Best regards

MFPAmailto:2014-667rhzu3dc-lists-gro...@riseup.net

He who rests on his laurels wears them on wrong end.

Using The Bat! v4.0.38 on Windows XP 5.1 Build 2600 Service Pack 3 



Current version is 6.1.8 | 'Using TBUDL' information:
http://www.silverstones.com/thebat/TBUDLInfo.html


Re: How to import a root certificate

2014-07-19 Thread Jernej Simončič
On Thursday, July 17, 2014, 7:24:36, Tom wrote:

 How do I import a root certificate.

You can import the certificate through Address Book, but I suggest you
instead switch The Bat to use CryptoAPI - it'll then automatically use
any certificates you have in Windows (you can do this through
Options - S/MIME and TLS).

-- 
 Jernej Simončič  http://eternallybored.org/ 

Ideal goals grow faster than the means of attaining new goals allow.
   -- Wober's SNIDE Rule (Satisfied Needs Incite Demand Excesses)



Current version is 6.1.8 | 'Using TBUDL' information:
http://www.silverstones.com/thebat/TBUDLInfo.html

How to import a root certificate

2014-07-16 Thread Tom

Hello Everyone,

using  TLS for email retrievals from our mail server now, we installed
a  new  certificate  on  the  server.  It's  a  valid  certificate but
self-signed and while outlook and other mail programs are happy, my TB
does not like it.

I  am  getting  an  alert  that  the  server  did  not provide a root
certificate during the session, and there is no root certificate in my
address  book.   Connection may not be secure.  The options to view or
add to trusted are greyed out. I have a choice to continue and if I do
so I am getting my email.
But this is per email account and each time I want to retrieve emails,
so not a working solution.

How do I import a root certificate. I can see the address book section
and  the  import  function there but I am unclear on how to create the
file  for import. What format should that be in?  I have an email with
the  certificate  details (a quick SSL Basic SSL Certificate and could
copy/paste  that  info  into a file but I suspect The Bat is looking for
something more than a text file?

I  did  some  searching but found either very old postings without any
outcomes  or a simple import advice. Sorry I am not experienced enough
and any assistance will be appreciated a lot.
  

-- 
Best regards,
Tom  
using TheBat! 4.2.33.9 on XP  



Current version is 6.1.8 | 'Using TBUDL' information:
http://www.silverstones.com/thebat/TBUDLInfo.html