Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




192 posts

Master Geek


Topic # 112582 13-Dec-2012 10:25
Send private message

Hi there,

I am having issues using POP3 through Gmail to pull in my @orcon.net.nz emails.  Taking a closer look it appears the SSL certificate for mail.orcon.net.nz is invalid.  It works fine if I disable SSL, but I would prefer to keep this enabled.  I thought it would be easier to get the right peoples attention by posting on here, rather than calling the helpdesk.  :-)


EDIT:  Hmm taking a closer look it seems the cert is valid through to May 10 03:11:21 2017 GMT.  Perhaps I'm having another issue, or there is something wrong with the chain of authority?

The specific error I get from Gmail is:

Unable to establish secure SSL connection to mail.orcon.net.nz [ Help ]

Create new topic


192 posts

Master Geek


  Reply # 731863 13-Dec-2012 10:33
Send private message

Plugging mail.orcon.net.nz:995 in to this website gives some more specific info:

http://www.digicert.com/help/

Fully Operational
3343 posts

Uber Geek
+1 received by user: 1088

Trusted
Vocus
Subscriber

  Reply # 731865 13-Dec-2012 10:37
Send private message

Hi There,

I've just taken a quick look and all the certs look valid (POP3, IMAP, SMTP).  What makes you suspect a certificate problem?

Cheers



Dan

 
 
 
 


Try Wrike: fast, easy, and efficient project collaboration software


192 posts

Master Geek


  Reply # 731872 13-Dec-2012 10:40
Send private message

ubergeeknz: Hi There,

I've just taken a quick look and all the certs look valid (POP3, IMAP, SMTP).  What makes you suspect a certificate problem?

Cheers



Dan


Hi Dan,

It seems something has changed on either Gmail's or Orcon's side as POP3 from Gmail (with SSL enabled) has been working for several months up to this point.  The website I mentioned above shows "SSL certificate is not trusted" - is this normal?

Thanks for taking a look!

Fully Operational
3343 posts

Uber Geek
+1 received by user: 1088

Trusted
Vocus
Subscriber

  Reply # 731874 13-Dec-2012 10:42
Send private message

Update: Seems like the mail server is missing an intermediate cert.  The guys are looking into it now.

312 posts

Ultimate Geek
+1 received by user: 72


  Reply # 731876 13-Dec-2012 10:43
Send private message

looking at the cert - the key chain not load right on orcon side for one or more Intermediate certificates - orcon techs will need to fix that - good luck.

also look like it a new cert so that why it just stop working for you - new chained cert can be a real pain in the a$$ to install, even bigger pain if it microsoft server as some time even loaded right it still does not work.

Fully Operational
3343 posts

Uber Geek
+1 received by user: 1088

Trusted
Vocus
Subscriber

  Reply # 731879 13-Dec-2012 10:46
Send private message

bagheera: looking at the cert - the key chain not load right on orcon side for one or more Intermediate certificates - orcon techs will need to fix that - good luck.


SNAP

21012 posts

Uber Geek
+1 received by user: 4153

Trusted
Subscriber

  Reply # 732264 13-Dec-2012 20:41
Send private message

Can you not force gmail to accept the cert? Seems a bit broken as a client if it only trusts the pre-baked CA's and not self signed




Richard rich.ms



192 posts

Master Geek


  Reply # 732277 13-Dec-2012 21:31
Send private message

richms: Can you not force gmail to accept the cert? Seems a bit broken as a client if it only trusts the pre-baked CA's and not self signed


No, unfortunately they don't allow that.  Thanks for getting them to take a look Dan Smile

312 posts

Ultimate Geek
+1 received by user: 72


  Reply # 732372 14-Dec-2012 08:37
Send private message

richms: Can you not force gmail to accept the cert? Seems a bit broken as a client if it only trusts the pre-baked CA's and not self signed


having a self sign cert for mail is a bad idea - there alot of phone and other client you can not tell to trust the cert with. This problem is due to the cert not load right, will most like work for a window pc only, but fail on all apple os, android etc. due to how they do cert vs Microsoft.

312 posts

Ultimate Geek
+1 received by user: 72


  Reply # 732495 14-Dec-2012 11:38
Send private message

look like the tech has updated the chain now. Should be working now.



192 posts

Master Geek


  Reply # 732508 14-Dec-2012 11:41
Send private message

bagheera: look like the tech has updated the chain now. Should be working now.


Yes all fixed now.  Thanks for the quick turn around Orcon! Smile

Fully Operational
3343 posts

Uber Geek
+1 received by user: 1088

Trusted
Vocus
Subscriber

  Reply # 732510 14-Dec-2012 11:44
Send private message

Hi Guys,

Should be all fixed now.  Sorry for the inconvenience, and thanks for letting us know...

Regards



Dan

21012 posts

Uber Geek
+1 received by user: 4153

Trusted
Subscriber

  Reply # 732745 14-Dec-2012 20:04
Send private message

bagheera:
richms: Can you not force gmail to accept the cert? Seems a bit broken as a client if it only trusts the pre-baked CA's and not self signed


having a self sign cert for mail is a bad idea - there alot of phone and other client you can not tell to trust the cert with. This problem is due to the cert not load right, will most like work for a window pc only, but fail on all apple os, android etc. due to how they do cert vs Microsoft.


works for me with the default control panels cert as well as one I made on my home machine and put on a web hoat. just have to accept once.

unfortunatly there was no warning from the phone or outlook when one was swapped out for a cheap ssl cert from go daddy or someone.




Richard rich.ms

Create new topic



Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Lightbox updates platform with new streaming options
Posted 17-May-2018 13:09


Norton Core router launches with high-performance, IoT security in New Zealand
Posted 16-May-2018 02:00


D-Link ANZ launches new 4G LTE Dual SIM M2M VPN Router
Posted 15-May-2018 19:30


New Panasonic LUMIX FT7 ideal for outdoor: waterproof, dustproof
Posted 15-May-2018 19:17


Ryanair Goes All-In on AWS
Posted 15-May-2018 19:14


Te Papa and EQC Minecraft Mod shakes up earthquake education
Posted 15-May-2018 19:12


Framing Facebook: It’s not about technology
Posted 14-May-2018 16:02


Vocus works with NZ Police and telcos to stop scam calls
Posted 12-May-2018 11:12


Vista Group signs Aeon Entertainment, largest cinema chain in Japan
Posted 11-May-2018 21:41


New Privacy Trust Mark certifies privacy and customer control
Posted 10-May-2018 14:16


New app FIXR connects vehicle owners to top Mechanics at best prices
Posted 10-May-2018 14:13


Nutanix Beam gives enterprises control of the cloud
Posted 10-May-2018 14:09


D-Link ANZ launches Covr Seamless Wi-Fi System
Posted 10-May-2018 14:06


Telstra, Intel and Ericsson demonstrate a 5G future for esports
Posted 10-May-2018 13:59


Spark introduces Android One with Nokia 7 plus and Nokia 6.1
Posted 8-May-2018 05:00



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.