subject:"Re\: How to import a root certificate"

Re: How to import a root certificate

2017-08-28 Thread MFPA

Hi

On Monday 28 August 2017 at 1:17:23 PM, in
, Tom wrote:-

> Unfortunately TB makes it more difficult to deal with
> this than
> other clients like outlook.

I believe Outlook uses Microsoft CryptoAPI to manage S/MIME and TLS
certificates. TB! is more flexible because you have the additional
option of using the internal implementation.

> The error message is always like this:

> !28/08/2017,  22:03:54: FETCH - TLS handshake
> failure. The server host
> name ("xyz.somewhere.com") does not match the
> certificate.

The error message you reported seeing in your July 2014 thread was 
about the server not providing a root certificate during the session, 
and there being no root certificate in your address book. This new 
error message is reporting a different issue.

> !28/08/2017,  22:04:57: FETCH - TLS handshake
> failure. The server host
> name ("xyz.somewhere.com.au") does not match the
> certificate.

Compare the actual host name with the host name given in the 
certificate, work out what is different, then change one to match the 
other. 

> I tried ...

My previous advice was given when you were saying it was the exact 
same issue and the same error message as three years ago.

Now that you report a different problem, that advice is not relevant.

> And how would I
> add something to the cryptoAPI?  

Click the Windows start button (or press the Windows key), type 
certmgr.msc in the box and press enter. If it's not clear from there, 
ask a search engine how to add a certificate to "windows certificate 
store".

-- 
Best regards

MFPA  

It is not necessary to have enemies if you go out of your way to make friends 
hate you.

Using The Bat! v7.4.16.14 (BETA) on Windows 10.0 Build 15063  

Current version is 7.1 | 'Using TBUDL' information:
http://www.silverstones.com/thebat/TBUDLInfo.html

Re: How to import a root certificate

2017-08-28 Thread Tom



> Given the thread was three years ago, a description of the issues
> might be useful.

The  issue is just as I had explained in my original thread some years
ago.
Unfortunately TB makes it more difficult to deal with this than
other clients like outlook.

The error message is always like this:

!28/08/2017,  22:03:54: FETCH - TLS handshake failure. The server host
name ("xyz.somewhere.com") does not match the certificate.
 28/08/2017, 22:04:57: FETCH - receiving mail messages
 28/08/2017, 22:04:57: FETCH - Initiating TLS handshake
>28/08/2017,  22:04:57:  FETCH  - Certificate S/N:
>7C865050CzzC83B21132D5C,  algorithm: RSA (2048 bits), issued
>from 3/21/2017 to 6/20/2018 11:59:59 PM, for 1 host(s): www.somewhere.com.au.
>28/08/2017, 22:04:57: FETCH - Owner: www.somewhere.com.au.
>28/08/2017, 22:04:57: FETCH - Issuer: US, GeoTrust Inc., Domain Validated SSL, 
>GeoTrust DV SSL CA - G3.
!28/08/2017,  22:04:57: FETCH - TLS handshake failure. The server host
name ("xyz.somewhere.com.au") does not match the certificate.

> Assuming you are using TB!'s internal implementation to manage S/MIME 
> and TLS certificates rather than the Windows certificate store, you 
> could try the following:-


> In The Bat!, click the Tools menu on the top of the screen, and  
> select Address Book. 
> 
> Click View and select Certificate Address Books.
> 
> Right-click Trusted Root CA and select New Contact from the 
> context menu. 
> 
> Type the name of the CA in First name field. 
> 
> Select the Certificates tab and click Import
> 
> Locate the root certificate you downloaded from the CA, then 
> select the file and click Open. 
> 
> Once the root certificate is imported, click OK to apply changes 
> and exit the Address Book. 


> Or you could see if switching to Windows certificate store (Microsoft 
> CryptoAPI) side-steps the issue for you. (If it doesn't, either the 
> root certificate needs adding there too, or a missing root certificate
> is not the problem.)

I tried the first suggestion via address book several times but
really  am  not  clear what I need to import there. Is it the geotrust
root  certificate that is missing or do I need to add my new Quick SSL
certificate? I tried both without much happiness.  And how would I
add something to the cryptoAPI?


-- 
Tom
using TheBat! 4.2.33.9 on 7/64bit



Current version is 7.1 | 'Using TBUDL' information:
http://www.silverstones.com/thebat/TBUDLInfo.html

Re: How to import a root certificate

2017-08-28 Thread MFPA

Hi

On Monday 28 August 2017 at 9:53:19 AM, in
, Tom wrote:-

> Sorry,  I need to revive this thread as I have run
> into the exact same
> issues again. 

Given the thread was three years ago, a description of the issues
might be useful.

> So far I have been unable to solve the
> problem and would
> appreciate any guidance.
> Again  I  am  getting the same error messages after
> having updated the
> annual self-signed certificate purchased from geotrust.

I take it you create a self-signed certificate and submit it to
GeoTrust for them to add their signature.

> I have tried to import the root certificate but I
> probably need better
> advice  -  perhaps  last time I was lucky because
> this time I am stuck
> and after 3 years I can't remember all the steps.
> This time it affects two of my workstations with the
> exact same issue.  

Assuming you are using TB!'s internal implementation to manage S/MIME 
and TLS certificates rather than the Windows certificate store, you 
could try the following:-

In The Bat!, click the Tools menu on the top of the screen, and  
select Address Book. 

Click View and select Certificate Address Books.

Right-click Trusted Root CA and select New Contact from the 
context menu. 

Type the name of the CA in First name field. 

Select the Certificates tab and click Import

Locate the root certificate you downloaded from the CA, then 
select the file and click Open. 

Once the root certificate is imported, click OK to apply changes 
and exit the Address Book. 

Or you could see if switching to Windows certificate store (Microsoft 
CryptoAPI) side-steps the issue for you. (If it doesn't, either the 
root certificate needs adding there too, or a missing root certificate 
is not the problem.)

-- 
Best regards

MFPA  

Of course it's a good idea - it's mine! 

Using The Bat! v7.4.16.14 (BETA) on Windows 10.0 Build 15063  

Current version is 7.1 | 'Using TBUDL' information:
http://www.silverstones.com/thebat/TBUDLInfo.html

Re: How to import a root certificate

2017-08-28 Thread Tom

Friday, July 25, 2014, 10:07:32 PM, you wrote:

> Hi

> On Thursday 24 July 2014 at 6:19:42 AM, in
> , Tom wrote:

>> Sorry,  my  mistake,  badly  worded  -  don't  know
>> enough  about the terminology. We  purchased  a
>> certificate from Geotrust but while it was valid and
>> accepted  by  outlook  or  other mail program, TB
>> rejected it. I think the  reason was that there was no
>> global certificate from geotrust in the  addressbook.
>> Once  I  downloaded  and  imported  this,  our  new
>> certificate  for  the  mail  server was accepted and
>> the TLS handshake worked without further issues.  

> Ah, it all makes sense now.

Sorry,  I need to revive this thread as I have run into the exact same
issues again. So far I have been unable to solve the problem and would
appreciate any guidance.
Again  I  am  getting the same error messages after having updated the
annual self-signed certificate purchased from geotrust.
I have tried to import the root certificate but I probably need better
advice  -  perhaps  last time I was lucky because this time I am stuck
and after 3 years I can't remember all the steps.
This time it affects two of my workstations with the exact same issue.

-- 
Tom
using TheBat! 4.2.33.9 on Win7/64

Current version is 7.1 | 'Using TBUDL' information:
http://www.silverstones.com/thebat/TBUDLInfo.html

Re: How to import a root certificate

2014-07-25 Thread MFPA

Hi


On Thursday 24 July 2014 at 6:19:42 AM, in
, Tom wrote:



> Sorry,  my  mistake,  badly  worded  -  don't  know
> enough  about the terminology. We  purchased  a
> certificate from Geotrust but while it was valid and
> accepted  by  outlook  or  other mail program, TB
> rejected it. I think the  reason was that there was no
> global certificate from geotrust in the  addressbook.
> Once  I  downloaded  and  imported  this,  our  new
> certificate  for  the  mail  server was accepted and
> the TLS handshake worked without further issues.  


Ah, it all makes sense now.

-- 
Best regards

MFPAmailto:2014-667rhzu3dc-lists-gro...@riseup.net

Always borrow money from a pessimist - they don't expect it back

Using The Bat! v4.0.38 on Windows XP 5.1 Build 2600 Service Pack 3 



Current version is 6.1.8 | 'Using TBUDL' information:
http://www.silverstones.com/thebat/TBUDLInfo.html

Re: How to import a root certificate

2014-07-23 Thread Tom

Wednesday, July 23, 2014, 10:07:48 PM, you wrote:

> Hi

> On Wednesday 23 July 2014 at 10:05:44 AM, in
> , Tom wrote:

>> Thank you very much - yes, the critical issue was that
>> I had to import the  Geotrust  Global  CA first. Once I
>> had done that, our self-signed certificate was fully
>> validated.  

> I'm slightly confused. This suggests that after creating your
> self-signed certificate, you then got it signed by Geotrust Global CA.

> Importing (and trusting) the root certificates of all the CAs in the
> world would not validate a certificate that was signed only by itself
> and not by a CA.

Sorry,  my  mistake,  badly  worded  -  don't  know  enough  about the
terminology.
We  purchased  a  certificate from Geotrust but while it was valid and
accepted  by  outlook  or  other mail program, TB rejected it. I think
the  reason was that there was no global certificate from geotrust in
the  addressbook.  Once  I  downloaded  and  imported  this,  our  new
certificate  for  the  mail  server was accepted and the TLS handshake
worked without further issues.

-- 
Tom
using TheBat! 4.2.33.9 on XP

Current version is 6.1.8 | 'Using TBUDL' information:
http://www.silverstones.com/thebat/TBUDLInfo.html

Re: How to import a root certificate

2014-07-23 Thread MFPA

Hi

On Wednesday 23 July 2014 at 10:05:44 AM, in
, Tom wrote:

> Thank you very much - yes, the critical issue was that
> I had to import the  Geotrust  Global  CA first. Once I
> had done that, our self-signed certificate was fully
> validated.  

I'm slightly confused. This suggests that after creating your
self-signed certificate, you then got it signed by Geotrust Global CA.

Importing (and trusting) the root certificates of all the CAs in the
world would not validate a certificate that was signed only by itself
and not by a CA.

-- 
Best regards

MFPAmailto:2014-667rhzu3dc-lists-gro...@riseup.net

Is it bad luck to be superstitious?

Using The Bat! v4.0.38 on Windows XP 5.1 Build 2600 Service Pack 3 

Current version is 6.1.8 | 'Using TBUDL' information:
http://www.silverstones.com/thebat/TBUDLInfo.html

Re: How to import a root certificate

2014-07-23 Thread Tom



>> How do I import a root certificate. 

> It's several years since I needed to do this, and my memory of it is
> unclear. I think you set up an address book entry, import the
> certificate into that AB entry, view the certificate, go to the
> "certification path" tab, select the certificate you want to trust,
> and click "add to trusted."

> I played about with self-certificates quite a few years ago, and just
> for email, not TLS. And I have had to import new root certificates a 
> few times, when email service providers changed server certificates 
> and when correspondents had s/mime certificates from a CA that was not
> already there or had expired. So no great wealth of experience on my 
> part.

Thank you very much - yes, the critical issue was that I had to import
the  Geotrust  Global  CA first. Once I had done that, our self-signed
certificate was fully validated.



-- 
Tom
using TheBat! 4.2.33.9 on XP



Current version is 6.1.8 | 'Using TBUDL' information:
http://www.silverstones.com/thebat/TBUDLInfo.html

Re: How to import a root certificate

2014-07-19 Thread Jernej Simončič

On Thursday, July 17, 2014, 7:24:36, Tom wrote:

> How do I import a root certificate.

You can import the certificate through Address Book, but I suggest you
instead switch The Bat to use CryptoAPI - it'll then automatically use
any certificates you have in Windows (you can do this through
Options -> S/MIME and TLS).

-- 
< Jernej Simončič ><><><><>< http://eternallybored.org/ >

Ideal goals grow faster than the means of attaining new goals allow.
   -- Wober's SNIDE Rule (Satisfied Needs Incite Demand Excesses)



Current version is 6.1.8 | 'Using TBUDL' information:
http://www.silverstones.com/thebat/TBUDLInfo.html

Re: How to import a root certificate

2014-07-19 Thread MFPA

Hi

On Thursday 17 July 2014 at 6:24:36 AM, in
, Tom wrote:

> using  TLS for email retrievals from our mail server
> now, we installed a  new  certificate  on  the  server.
> It's  a  valid  certificate but self-signed and while
> outlook and other mail programs are happy, my TB does
> not like it

Are the other MUAs actually happy, or just configured to ignore
errors? And, if the latter, are they really receiving the mail over an
encrypted connection or is it falling back to unencrypted?

> I  am  getting  an  alert  "that  the  server  did  not
> provide a root certificate during the session, and
> there is no root certificate in my address  book.
> Connection may not be secure.  The options to view or
> add to trusted are greyed out. I have a choice to
> continue and if I do so I am getting my email. 

And when this happens, is it transmitted over an encrypted channel or 
not?

> But this
> is per email account and each time I want to retrieve
> emails, so not a working solution.

Indeed not.

> How do I import a root certificate. 

It's several years since I needed to do this, and my memory of it is
unclear. I think you set up an address book entry, import the
certificate into that AB entry, view the certificate, go to the
"certification path" tab, select the certificate you want to trust,
and click "add to trusted."

> I can see the
> address book section and  the  import  function there
> but I am unclear on how to create the file  for import.
> What format should that be in?  

.cer, .p12, .pfx seem to work, at least. 

> I have an email with
> the  certificate  details (a quick SSL Basic SSL
> Certificate and could copy/paste  that  info  into a
> file but I suspect The Bat is looking for something
> more than a text file?

See above.

> I  did  some  searching but found either very old
> postings without any outcomes  or a simple import
> advice. Sorry I am not experienced enough and any
> assistance will be appreciated a lot.  

I played about with self-certificates quite a few years ago, and just 
for email, not TLS. And I have had to import new root certificates a 
few times, when email service providers changed server certificates 
and when correspondents had s/mime certificates from a CA that was not 
already there or had expired. So no great wealth of experience on my 
part.

-- 
Best regards

MFPAmailto:2014-667rhzu3dc-lists-gro...@riseup.net

He who rests on his laurels wears them on wrong end.

Using The Bat! v4.0.38 on Windows XP 5.1 Build 2600 Service Pack 3 

Current version is 6.1.8 | 'Using TBUDL' information:
http://www.silverstones.com/thebat/TBUDLInfo.html

Re: How to import a root certificate

Re: How to import a root certificate

Re: How to import a root certificate

Re: How to import a root certificate

Re: How to import a root certificate

Re: How to import a root certificate

Re: How to import a root certificate

Re: How to import a root certificate

Re: How to import a root certificate

Re: How to import a root certificate

10 matches

Site Navigation

Mail list logo

Footer information