Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




192 posts

Master Geek


#112582 13-Dec-2012 10:25
Send private message

Hi there,

I am having issues using POP3 through Gmail to pull in my @orcon.net.nz emails.  Taking a closer look it appears the SSL certificate for mail.orcon.net.nz is invalid.  It works fine if I disable SSL, but I would prefer to keep this enabled.  I thought it would be easier to get the right peoples attention by posting on here, rather than calling the helpdesk.  :-)


EDIT:  Hmm taking a closer look it seems the cert is valid through to May 10 03:11:21 2017 GMT.  Perhaps I'm having another issue, or there is something wrong with the chain of authority?

The specific error I get from Gmail is:

Unable to establish secure SSL connection to mail.orcon.net.nz [ Help ]

Create new topic


192 posts

Master Geek


  #731863 13-Dec-2012 10:33
Send private message

Plugging mail.orcon.net.nz:995 in to this website gives some more specific info:

http://www.digicert.com/help/

3344 posts

Uber Geek

Trusted
Vocus

  #731865 13-Dec-2012 10:37
Send private message

Hi There,

I've just taken a quick look and all the certs look valid (POP3, IMAP, SMTP).  What makes you suspect a certificate problem?

Cheers



Dan

 
 
 
 




192 posts

Master Geek


  #731872 13-Dec-2012 10:40
Send private message

ubergeeknz: Hi There,

I've just taken a quick look and all the certs look valid (POP3, IMAP, SMTP).  What makes you suspect a certificate problem?

Cheers



Dan


Hi Dan,

It seems something has changed on either Gmail's or Orcon's side as POP3 from Gmail (with SSL enabled) has been working for several months up to this point.  The website I mentioned above shows "SSL certificate is not trusted" - is this normal?

Thanks for taking a look!

3344 posts

Uber Geek

Trusted
Vocus

  #731874 13-Dec-2012 10:42
Send private message

Update: Seems like the mail server is missing an intermediate cert.  The guys are looking into it now.

367 posts

Ultimate Geek


  #731876 13-Dec-2012 10:43
Send private message

looking at the cert - the key chain not load right on orcon side for one or more Intermediate certificates - orcon techs will need to fix that - good luck.

also look like it a new cert so that why it just stop working for you - new chained cert can be a real pain in the a$$ to install, even bigger pain if it microsoft server as some time even loaded right it still does not work.

3344 posts

Uber Geek

Trusted
Vocus

  #731879 13-Dec-2012 10:46
Send private message

bagheera: looking at the cert - the key chain not load right on orcon side for one or more Intermediate certificates - orcon techs will need to fix that - good luck.


SNAP

22986 posts

Uber Geek

Trusted
Subscriber

  #732264 13-Dec-2012 20:41
Send private message

Can you not force gmail to accept the cert? Seems a bit broken as a client if it only trusts the pre-baked CA's and not self signed




Richard rich.ms

 
 
 
 




192 posts

Master Geek


  #732277 13-Dec-2012 21:31
Send private message

richms: Can you not force gmail to accept the cert? Seems a bit broken as a client if it only trusts the pre-baked CA's and not self signed


No, unfortunately they don't allow that.  Thanks for getting them to take a look Dan Smile

367 posts

Ultimate Geek


  #732372 14-Dec-2012 08:37
Send private message

richms: Can you not force gmail to accept the cert? Seems a bit broken as a client if it only trusts the pre-baked CA's and not self signed


having a self sign cert for mail is a bad idea - there alot of phone and other client you can not tell to trust the cert with. This problem is due to the cert not load right, will most like work for a window pc only, but fail on all apple os, android etc. due to how they do cert vs Microsoft.

367 posts

Ultimate Geek


  #732495 14-Dec-2012 11:38
Send private message

look like the tech has updated the chain now. Should be working now.



192 posts

Master Geek


  #732508 14-Dec-2012 11:41
Send private message

bagheera: look like the tech has updated the chain now. Should be working now.


Yes all fixed now.  Thanks for the quick turn around Orcon! Smile

3344 posts

Uber Geek

Trusted
Vocus

  #732510 14-Dec-2012 11:44
Send private message

Hi Guys,

Should be all fixed now.  Sorry for the inconvenience, and thanks for letting us know...

Regards



Dan

22986 posts

Uber Geek

Trusted
Subscriber

  #732745 14-Dec-2012 20:04
Send private message

bagheera:
richms: Can you not force gmail to accept the cert? Seems a bit broken as a client if it only trusts the pre-baked CA's and not self signed


having a self sign cert for mail is a bad idea - there alot of phone and other client you can not tell to trust the cert with. This problem is due to the cert not load right, will most like work for a window pc only, but fail on all apple os, android etc. due to how they do cert vs Microsoft.


works for me with the default control panels cert as well as one I made on my home machine and put on a web hoat. just have to accept once.

unfortunatly there was no warning from the phone or outlook when one was swapped out for a cheap ssl cert from go daddy or someone.




Richard rich.ms

Create new topic



Twitter and LinkedIn »



Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Withings launches three new devices to help monitor heart health from home
Posted 13-Feb-2020 20:05


Auckland start-up Yourcar matches new car buyers with dealerships
Posted 13-Feb-2020 18:05


School gardens go high tech to teach kids the importance of technology
Posted 13-Feb-2020 11:10


Malwarebytes finds Mac threats outpace Windows for the first time
Posted 13-Feb-2020 08:01


Amazon launches Echo Show 8 in Australia and New Zealand
Posted 8-Feb-2020 20:36


Vodafone New Zealand starts two year partnership with LetsPlay.Live
Posted 28-Jan-2020 11:24


Ring launches indoor-only security camera
Posted 23-Jan-2020 17:26


New report findings will help schools implement the digital technologies curriculum content
Posted 23-Jan-2020 17:25


N4L to upgrade & support wireless internet inside schools
Posted 23-Jan-2020 17:22


Netflix releases 21 Studio Ghibli works
Posted 22-Jan-2020 11:42


Vodafone integrates eSIM into device and wearable roadmap
Posted 17-Jan-2020 09:45


Do you need this camera app? Group investigates privacy implications
Posted 16-Jan-2020 03:30


JBL launches headphones range designed for gaming
Posted 13-Jan-2020 09:59


Withings introduces ScanWatch wearable combining ECG and sleep apnea detection
Posted 9-Jan-2020 18:34


NZ Police releases public app
Posted 8-Jan-2020 11:43



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.