Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




192 posts

Master Geek


Topic # 112582 13-Dec-2012 10:25
Send private message

Hi there,

I am having issues using POP3 through Gmail to pull in my @orcon.net.nz emails.  Taking a closer look it appears the SSL certificate for mail.orcon.net.nz is invalid.  It works fine if I disable SSL, but I would prefer to keep this enabled.  I thought it would be easier to get the right peoples attention by posting on here, rather than calling the helpdesk.  :-)


EDIT:  Hmm taking a closer look it seems the cert is valid through to May 10 03:11:21 2017 GMT.  Perhaps I'm having another issue, or there is something wrong with the chain of authority?

The specific error I get from Gmail is:

Unable to establish secure SSL connection to mail.orcon.net.nz [ Help ]

Create new topic


192 posts

Master Geek


  Reply # 731863 13-Dec-2012 10:33
Send private message

Plugging mail.orcon.net.nz:995 in to this website gives some more specific info:

http://www.digicert.com/help/

Fully Operational
3343 posts

Uber Geek
+1 received by user: 1088

Trusted
Vocus
Subscriber

  Reply # 731865 13-Dec-2012 10:37
Send private message

Hi There,

I've just taken a quick look and all the certs look valid (POP3, IMAP, SMTP).  What makes you suspect a certificate problem?

Cheers



Dan

 
 
 
 




192 posts

Master Geek


  Reply # 731872 13-Dec-2012 10:40
Send private message

ubergeeknz: Hi There,

I've just taken a quick look and all the certs look valid (POP3, IMAP, SMTP).  What makes you suspect a certificate problem?

Cheers



Dan


Hi Dan,

It seems something has changed on either Gmail's or Orcon's side as POP3 from Gmail (with SSL enabled) has been working for several months up to this point.  The website I mentioned above shows "SSL certificate is not trusted" - is this normal?

Thanks for taking a look!

Fully Operational
3343 posts

Uber Geek
+1 received by user: 1088

Trusted
Vocus
Subscriber

  Reply # 731874 13-Dec-2012 10:42
Send private message

Update: Seems like the mail server is missing an intermediate cert.  The guys are looking into it now.

274 posts

Ultimate Geek
+1 received by user: 59


  Reply # 731876 13-Dec-2012 10:43
Send private message

looking at the cert - the key chain not load right on orcon side for one or more Intermediate certificates - orcon techs will need to fix that - good luck.

also look like it a new cert so that why it just stop working for you - new chained cert can be a real pain in the a$$ to install, even bigger pain if it microsoft server as some time even loaded right it still does not work.

Fully Operational
3343 posts

Uber Geek
+1 received by user: 1088

Trusted
Vocus
Subscriber

  Reply # 731879 13-Dec-2012 10:46
Send private message

bagheera: looking at the cert - the key chain not load right on orcon side for one or more Intermediate certificates - orcon techs will need to fix that - good luck.


SNAP

20374 posts

Uber Geek
+1 received by user: 3877

Trusted
Subscriber

  Reply # 732264 13-Dec-2012 20:41
Send private message

Can you not force gmail to accept the cert? Seems a bit broken as a client if it only trusts the pre-baked CA's and not self signed




Richard rich.ms



192 posts

Master Geek


  Reply # 732277 13-Dec-2012 21:31
Send private message

richms: Can you not force gmail to accept the cert? Seems a bit broken as a client if it only trusts the pre-baked CA's and not self signed


No, unfortunately they don't allow that.  Thanks for getting them to take a look Dan Smile

274 posts

Ultimate Geek
+1 received by user: 59


  Reply # 732372 14-Dec-2012 08:37
Send private message

richms: Can you not force gmail to accept the cert? Seems a bit broken as a client if it only trusts the pre-baked CA's and not self signed


having a self sign cert for mail is a bad idea - there alot of phone and other client you can not tell to trust the cert with. This problem is due to the cert not load right, will most like work for a window pc only, but fail on all apple os, android etc. due to how they do cert vs Microsoft.

274 posts

Ultimate Geek
+1 received by user: 59


  Reply # 732495 14-Dec-2012 11:38
Send private message

look like the tech has updated the chain now. Should be working now.



192 posts

Master Geek


  Reply # 732508 14-Dec-2012 11:41
Send private message

bagheera: look like the tech has updated the chain now. Should be working now.


Yes all fixed now.  Thanks for the quick turn around Orcon! Smile

Fully Operational
3343 posts

Uber Geek
+1 received by user: 1088

Trusted
Vocus
Subscriber

  Reply # 732510 14-Dec-2012 11:44
Send private message

Hi Guys,

Should be all fixed now.  Sorry for the inconvenience, and thanks for letting us know...

Regards



Dan

20374 posts

Uber Geek
+1 received by user: 3877

Trusted
Subscriber

  Reply # 732745 14-Dec-2012 20:04
Send private message

bagheera:
richms: Can you not force gmail to accept the cert? Seems a bit broken as a client if it only trusts the pre-baked CA's and not self signed


having a self sign cert for mail is a bad idea - there alot of phone and other client you can not tell to trust the cert with. This problem is due to the cert not load right, will most like work for a window pc only, but fail on all apple os, android etc. due to how they do cert vs Microsoft.


works for me with the default control panels cert as well as one I made on my home machine and put on a web hoat. just have to accept once.

unfortunatly there was no warning from the phone or outlook when one was swapped out for a cheap ssl cert from go daddy or someone.




Richard rich.ms

Create new topic



Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Symantec selects Amazon Web Services to deliver cloud security
Posted 23-Nov-2017 10:40


New Zealand Ministry of Education chooses Unisys for cloud-based education resourcing management system
Posted 22-Nov-2017 22:00


Business analytics software powers profits for NZ wine producers
Posted 22-Nov-2017 21:52


Pyrios strikes up alliance with Microsoft integrator UC Logiq
Posted 22-Nov-2017 21:51


The New Zealand IT services ecosystem - it's all digital down here
Posted 22-Nov-2017 21:49


Volvo to supply tens of thousands of autonomous drive compatible cars to Uber
Posted 22-Nov-2017 21:46


From small to medium and beyond: Navigating the ERP battlefield
Posted 21-Nov-2017 21:12


Business owners: ERP software selection starts (and finishes) with you
Posted 21-Nov-2017 21:11


Why I'm not an early adopter
Posted 21-Nov-2017 10:39


Netatmo launches smart home products in New Zealand
Posted 20-Nov-2017 20:06


Huawei Mate 10: Punchy, long battery life, artificial intelligence
Posted 20-Nov-2017 16:30


Propel launch Disney Star Wars Laser Battle Drones
Posted 19-Nov-2017 21:26


UFB killer app: Speed
Posted 17-Nov-2017 17:01


The case for RSS — MacSparky
Posted 13-Nov-2017 14:35


WordPress and Indieweb: Take control of your online presence — 6:30 GridAKL Nov 30
Posted 11-Nov-2017 13:43



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.