Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


Forums2degrees (including Slingshot, Orcon, Flip, Stuff Fibre, MyRepublic, 2talk and Vocus)mail.orcon.net.nz SSL cert invalid?
rattewisday

203 posts

Master Geek


#112582 13-Dec-2012 10:25
Send private message

Hi there,

I am having issues using POP3 through Gmail to pull in my @orcon.net.nz emails.  Taking a closer look it appears the SSL certificate for mail.orcon.net.nz is invalid.  It works fine if I disable SSL, but I would prefer to keep this enabled.  I thought it would be easier to get the right peoples attention by posting on here, rather than calling the helpdesk.  :-)


EDIT:  Hmm taking a closer look it seems the cert is valid through to May 10 03:11:21 2017 GMT.  Perhaps I'm having another issue, or there is something wrong with the chain of authority?

The specific error I get from Gmail is:

Unable to establish secure SSL connection to mail.orcon.net.nz [ Help ]

Create new topic
rattewisday

203 posts

Master Geek


  #731863 13-Dec-2012 10:33
Send private message

Plugging mail.orcon.net.nz:995 in to this website gives some more specific info:

http://www.digicert.com/help/



ubergeeknz
3344 posts

Uber Geek

Trusted
Vocus

  #731865 13-Dec-2012 10:37
Send private message

Hi There,

I've just taken a quick look and all the certs look valid (POP3, IMAP, SMTP).  What makes you suspect a certificate problem?

Cheers



Dan

rattewisday

203 posts

Master Geek


  #731872 13-Dec-2012 10:40
Send private message

ubergeeknz: Hi There,

I've just taken a quick look and all the certs look valid (POP3, IMAP, SMTP).  What makes you suspect a certificate problem?

Cheers



Dan


Hi Dan,

It seems something has changed on either Gmail's or Orcon's side as POP3 from Gmail (with SSL enabled) has been working for several months up to this point.  The website I mentioned above shows "SSL certificate is not trusted" - is this normal?

Thanks for taking a look!



ubergeeknz
3344 posts

Uber Geek

Trusted
Vocus

  #731874 13-Dec-2012 10:42
Send private message

Update: Seems like the mail server is missing an intermediate cert.  The guys are looking into it now.

bagheera
539 posts

Ultimate Geek


  #731876 13-Dec-2012 10:43
Send private message

looking at the cert - the key chain not load right on orcon side for one or more Intermediate certificates - orcon techs will need to fix that - good luck.

also look like it a new cert so that why it just stop working for you - new chained cert can be a real pain in the a$$ to install, even bigger pain if it microsoft server as some time even loaded right it still does not work.

ubergeeknz
3344 posts

Uber Geek

Trusted
Vocus

  #731879 13-Dec-2012 10:46
Send private message

bagheera: looking at the cert - the key chain not load right on orcon side for one or more Intermediate certificates - orcon techs will need to fix that - good luck.


SNAP

richms
28168 posts

Uber Geek

Trusted
Lifetime subscriber

  #732264 13-Dec-2012 20:41
Send private message

Can you not force gmail to accept the cert? Seems a bit broken as a client if it only trusts the pre-baked CA's and not self signed




Richard rich.ms

 
 
 
 

Cloud spending continues to surge globally, but most organisations haven’t made the changes necessary to maximise the value and cost-efficiency benefits of their cloud investments. Download the whitepaper From Overspend to Advantage now.
rattewisday

203 posts

Master Geek


  #732277 13-Dec-2012 21:31
Send private message

richms: Can you not force gmail to accept the cert? Seems a bit broken as a client if it only trusts the pre-baked CA's and not self signed


No, unfortunately they don't allow that.  Thanks for getting them to take a look Dan Smile

bagheera
539 posts

Ultimate Geek


  #732372 14-Dec-2012 08:37
Send private message

richms: Can you not force gmail to accept the cert? Seems a bit broken as a client if it only trusts the pre-baked CA's and not self signed


having a self sign cert for mail is a bad idea - there alot of phone and other client you can not tell to trust the cert with. This problem is due to the cert not load right, will most like work for a window pc only, but fail on all apple os, android etc. due to how they do cert vs Microsoft.

bagheera
539 posts

Ultimate Geek


  #732495 14-Dec-2012 11:38
Send private message

look like the tech has updated the chain now. Should be working now.

rattewisday

203 posts

Master Geek


  #732508 14-Dec-2012 11:41
Send private message

bagheera: look like the tech has updated the chain now. Should be working now.


Yes all fixed now.  Thanks for the quick turn around Orcon! Smile

ubergeeknz
3344 posts

Uber Geek

Trusted
Vocus

  #732510 14-Dec-2012 11:44
Send private message

Hi Guys,

Should be all fixed now.  Sorry for the inconvenience, and thanks for letting us know...

Regards



Dan

richms
28168 posts

Uber Geek

Trusted
Lifetime subscriber

  #732745 14-Dec-2012 20:04
Send private message

bagheera:
richms: Can you not force gmail to accept the cert? Seems a bit broken as a client if it only trusts the pre-baked CA's and not self signed


having a self sign cert for mail is a bad idea - there alot of phone and other client you can not tell to trust the cert with. This problem is due to the cert not load right, will most like work for a window pc only, but fail on all apple os, android etc. due to how they do cert vs Microsoft.


works for me with the default control panels cert as well as one I made on my home machine and put on a web hoat. just have to accept once.

unfortunatly there was no warning from the phone or outlook when one was swapped out for a cheap ssl cert from go daddy or someone.




Richard rich.ms

Create new topic





News and reviews »

Air New Zealand Starts AI adoption with OpenAI
Posted 24-Jul-2025 16:00

eero Pro 7 Review
Posted 23-Jul-2025 12:07

BeeStation Plus Review
Posted 21-Jul-2025 14:21

eero Unveils New Wi-Fi 7 Products in New Zealand
Posted 21-Jul-2025 00:01

WiZ Introduces HDMI Sync Box and other Light Devices
Posted 20-Jul-2025 17:32

RedShield Enhances DDoS and Bot Attack Protection
Posted 20-Jul-2025 17:26

Seagate Ships 30TB Drives
Posted 17-Jul-2025 11:24

Oclean AirPump A10 Water Flosser Review
Posted 13-Jul-2025 11:05

Samsung Galaxy Z Fold7: Raising the Bar for Smartphones
Posted 10-Jul-2025 02:01

Samsung Galaxy Z Flip7 Brings New Edge-To-Edge FlexWindow
Posted 10-Jul-2025 02:01

Epson Launches New AM-C550Z WorkForce Enterprise printer
Posted 9-Jul-2025 18:22

Samsung Releases Smart Monitor M9
Posted 9-Jul-2025 17:46

Nearly Half of Older Kiwis Still Write their Passwords on Paper
Posted 9-Jul-2025 08:42

D-Link 4G+ Cat6 Wi-Fi 6 DWR-933M Mobile Hotspot Review
Posted 1-Jul-2025 11:34

Oppo A5 Series Launches With New Levels of Durability
Posted 30-Jun-2025 10:15








Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.







RSS feeds
Main feed
Forums feed
Copyright
©2002-2025 Geekzone®
Site features
Geekzone BI dashboard
Geekzone Badges
Geekzone Status Page

 

Affiliate links
Samsung
AliExpress
Wise
Sharesies
GoodSync
Site Information
Subscribe to Geekzone
Privacy Statement
Forum Usage Guidelines (FUG)
Advertising
Trademark and copyright