Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




192 posts

Master Geek


Topic # 112582 13-Dec-2012 10:25
Send private message

Hi there,

I am having issues using POP3 through Gmail to pull in my @orcon.net.nz emails.  Taking a closer look it appears the SSL certificate for mail.orcon.net.nz is invalid.  It works fine if I disable SSL, but I would prefer to keep this enabled.  I thought it would be easier to get the right peoples attention by posting on here, rather than calling the helpdesk.  :-)


EDIT:  Hmm taking a closer look it seems the cert is valid through to May 10 03:11:21 2017 GMT.  Perhaps I'm having another issue, or there is something wrong with the chain of authority?

The specific error I get from Gmail is:

Unable to establish secure SSL connection to mail.orcon.net.nz [ Help ]

Create new topic


192 posts

Master Geek


  Reply # 731863 13-Dec-2012 10:33
Send private message

Plugging mail.orcon.net.nz:995 in to this website gives some more specific info:

http://www.digicert.com/help/

Fully Operational
3343 posts

Uber Geek
+1 received by user: 1088

Trusted
Vocus
Subscriber

  Reply # 731865 13-Dec-2012 10:37
Send private message

Hi There,

I've just taken a quick look and all the certs look valid (POP3, IMAP, SMTP).  What makes you suspect a certificate problem?

Cheers



Dan

 
 
 
 




192 posts

Master Geek


  Reply # 731872 13-Dec-2012 10:40
Send private message

ubergeeknz: Hi There,

I've just taken a quick look and all the certs look valid (POP3, IMAP, SMTP).  What makes you suspect a certificate problem?

Cheers



Dan


Hi Dan,

It seems something has changed on either Gmail's or Orcon's side as POP3 from Gmail (with SSL enabled) has been working for several months up to this point.  The website I mentioned above shows "SSL certificate is not trusted" - is this normal?

Thanks for taking a look!

Fully Operational
3343 posts

Uber Geek
+1 received by user: 1088

Trusted
Vocus
Subscriber

  Reply # 731874 13-Dec-2012 10:42
Send private message

Update: Seems like the mail server is missing an intermediate cert.  The guys are looking into it now.

274 posts

Ultimate Geek
+1 received by user: 59


  Reply # 731876 13-Dec-2012 10:43
Send private message

looking at the cert - the key chain not load right on orcon side for one or more Intermediate certificates - orcon techs will need to fix that - good luck.

also look like it a new cert so that why it just stop working for you - new chained cert can be a real pain in the a$$ to install, even bigger pain if it microsoft server as some time even loaded right it still does not work.

Fully Operational
3343 posts

Uber Geek
+1 received by user: 1088

Trusted
Vocus
Subscriber

  Reply # 731879 13-Dec-2012 10:46
Send private message

bagheera: looking at the cert - the key chain not load right on orcon side for one or more Intermediate certificates - orcon techs will need to fix that - good luck.


SNAP

20349 posts

Uber Geek
+1 received by user: 3860

Trusted
Subscriber

  Reply # 732264 13-Dec-2012 20:41
Send private message

Can you not force gmail to accept the cert? Seems a bit broken as a client if it only trusts the pre-baked CA's and not self signed




Richard rich.ms



192 posts

Master Geek


  Reply # 732277 13-Dec-2012 21:31
Send private message

richms: Can you not force gmail to accept the cert? Seems a bit broken as a client if it only trusts the pre-baked CA's and not self signed


No, unfortunately they don't allow that.  Thanks for getting them to take a look Dan Smile

274 posts

Ultimate Geek
+1 received by user: 59


  Reply # 732372 14-Dec-2012 08:37
Send private message

richms: Can you not force gmail to accept the cert? Seems a bit broken as a client if it only trusts the pre-baked CA's and not self signed


having a self sign cert for mail is a bad idea - there alot of phone and other client you can not tell to trust the cert with. This problem is due to the cert not load right, will most like work for a window pc only, but fail on all apple os, android etc. due to how they do cert vs Microsoft.

274 posts

Ultimate Geek
+1 received by user: 59


  Reply # 732495 14-Dec-2012 11:38
Send private message

look like the tech has updated the chain now. Should be working now.



192 posts

Master Geek


  Reply # 732508 14-Dec-2012 11:41
Send private message

bagheera: look like the tech has updated the chain now. Should be working now.


Yes all fixed now.  Thanks for the quick turn around Orcon! Smile

Fully Operational
3343 posts

Uber Geek
+1 received by user: 1088

Trusted
Vocus
Subscriber

  Reply # 732510 14-Dec-2012 11:44
Send private message

Hi Guys,

Should be all fixed now.  Sorry for the inconvenience, and thanks for letting us know...

Regards



Dan

20349 posts

Uber Geek
+1 received by user: 3860

Trusted
Subscriber

  Reply # 732745 14-Dec-2012 20:04
Send private message

bagheera:
richms: Can you not force gmail to accept the cert? Seems a bit broken as a client if it only trusts the pre-baked CA's and not self signed


having a self sign cert for mail is a bad idea - there alot of phone and other client you can not tell to trust the cert with. This problem is due to the cert not load right, will most like work for a window pc only, but fail on all apple os, android etc. due to how they do cert vs Microsoft.


works for me with the default control panels cert as well as one I made on my home machine and put on a web hoat. just have to accept once.

unfortunatly there was no warning from the phone or outlook when one was swapped out for a cheap ssl cert from go daddy or someone.




Richard rich.ms

Create new topic



Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

UFB killer app: Speed
Posted 17-Nov-2017 17:01


The case for RSS — MacSparky
Posted 13-Nov-2017 14:35


WordPress and Indieweb: Take control of your online presence — 6:30 GridAKL Nov 30
Posted 11-Nov-2017 13:43


Chorus reveals technology upgrade for schools, students
Posted 10-Nov-2017 10:28


Vodafone says Internet of Things (IoT) crucial for digital transformation
Posted 10-Nov-2017 10:06


Police and Facebook launch AMBER Alerts system in NZ
Posted 9-Nov-2017 10:49


Amazon debuts Fire TV Stick Basic Edition in over 100 new countries
Posted 8-Nov-2017 05:34


Vodafone VoIP transition to start this month
Posted 7-Nov-2017 12:33


Spark enhances IoT network capability
Posted 7-Nov-2017 11:33


Vocus NZ sale and broadband competition
Posted 6-Nov-2017 14:36


Hawaiki reaches key milestone in landmark deep-sea fibre project
Posted 4-Nov-2017 13:53


Countdown launches new proximity online shopping app
Posted 4-Nov-2017 13:50


Nokia 3310 to be available through Spark New Zealand
Posted 4-Nov-2017 13:31


Nest launches in New Zealand
Posted 4-Nov-2017 12:31


Active wholesale as Chorus tackles wireless challenge
Posted 3-Nov-2017 10:55



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.