I started getting SSL certificate errors lately on android for https://www.mail-archive.com.
https://globalsign.ssllabs.com/analyze.html?d=mail-archive.com Some other issues were reported as well in the SSL report. $ openssl s_client -connect www.mail-archive.com:443 CONNECTED(00000003) depth=0 jurisdictionC = US, jurisdictionST = California, businessCategory = Private Organization, serialNumber = C2578355, C = US, ST = California, L = Saratoga, postalCode = 95070, street = 16200 Sanborn Road, O = "Mail-Archive, Inc.", emailAddress = postmas...@mail-archive.com, CN = www.mail-archive.com verify error:num=20:unable to get local issuer certificate verify return:1 depth=0 jurisdictionC = US, jurisdictionST = California, businessCategory = Private Organization, serialNumber = C2578355, C = US, ST = California, L = Saratoga, postalCode = 95070, street = 16200 Sanborn Road, O = "Mail-Archive, Inc.", emailAddress = postmas...@mail-archive.com, CN = www.mail-archive.com verify error:num=21:unable to verify the first certificate verify return:1 --- Certificate chain 0 s:/jurisdictionC=US/jurisdictionST=California/businessCategory=Private Organization/serialNumber=C2578355/C=US/ST=California/L=Saratoga/postalCode=95070/street=16200 Sanborn Road/O=Mail-Archive, Inc./emailAddress=postmas...@mail-archive.com/CN=www.mail-archive.com i:/C=IL/O=StartCom Ltd./OU=StartCom Certification Authority/CN=StartCom Extended Validation Server CA 1 s:/C=IL/O=StartCom Ltd./OU=StartCom Certification Authority/CN=StartCom Class 4 EV Server CA i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Certification Authority --- Server certificate -----BEGIN CERTIFICATE----- MIIJPjCCCCagAwIBAgIQTX9wjS+41Rdn5B0IXFV8cjANBgkqhkiG9w0BAQsFADCB gTELMAkGA1UEBhMCSUwxFjAUBgNVBAoTDVN0YXJ0Q29tIEx0ZC4xKTAnBgNVBAsT IFN0YXJ0Q29tIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MS8wLQYDVQQDEyZTdGFy dENvbSBFeHRlbmRlZCBWYWxpZGF0aW9uIFNlcnZlciBDQTAeFw0xNjAxMDMwODU2 NDBaFw0xNzA1MDMwODU2NDBaMIIBLjETMBEGCysGAQQBgjc8AgEDDAJVUzEbMBkG CysGAQQBgjc8AgECDApDYWxpZm9ybmlhMR0wGwYDVQQPDBRQcml2YXRlIE9yZ2Fu aXphdGlvbjERMA8GA1UEBRMIQzI1NzgzNTUxCzAJBgNVBAYTAlVTMRMwEQYDVQQI DApDYWxpZm9ybmlhMREwDwYDVQQHDAhTYXJhdG9nYTEOMAwGA1UEEQwFOTUwNzAx GzAZBgNVBAkMEjE2MjAwIFNhbmJvcm4gUm9hZDEbMBkGA1UECgwSTWFpbC1BcmNo aXZlLCBJbmMuMSowKAYJKoZIhvcNAQkBFhtwb3N0bWFzdGVyQG1haWwtYXJjaGl2 ZS5jb20xHTAbBgNVBAMMFHd3dy5tYWlsLWFyY2hpdmUuY29tMIIBIjANBgkqhkiG 9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz9UjxZTwoywpM7YkDKmaxOxBjgTGaSW8jWvq lTRMy0/JqYhlyOapQC2Y33oOfm4bctRi2CEs0a7VgeMbPxd7+AXLy7I88ExRTfVp HTcdZfTootxgnYkqbl7iEa00izktAmDi8+fqhmo+gc7cwocGbr7t53oXlVzHhx/q O4CQaRSzfKD2/RfeVvIya6sweK/nxdtXfcof83+maSRAy+6rHSZVCPm7nuehgXrE /awSxEkH9zBzrjqyKNWY7urY4Omru6gCwES4fAb4pqkemSH95zKsyqk7I+RMs62q g3PMPXhegMGj7wlEweMCaB5l79QOwV1y1Eic6cki8FQ3uQs3PQIDAQABo4IFADCC BPwwCwYDVR0PBAQDAgOoMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAJ BgNVHRMEAjAAMB0GA1UdDgQWBBTpW/8bgTDIwHBUZjJ65ePLjSOhszAfBgNVHSME GDAWgBSh4Z5FJXlNBtkCF5KC1TCJciUUoDCBjgYIKwYBBQUHAQEEgYEwfzA5Bggr BgEFBQcwAYYtaHR0cDovL29jc3Auc3RhcnRzc2wuY29tL3N1Yi9jbGFzczQvc2Vy dmVyL2NhMEIGCCsGAQUFBzAChjZodHRwOi8vYWlhLnN0YXJ0c3NsLmNvbS9jZXJ0 cy9zdWIuY2xhc3M0LnNlcnZlci5jYS5jcnQwNQYDVR0fBC4wLDAqoCigJoYkaHR0 cDovL2NybC5zdGFydHNzbC5jb20vY3J0NC1jcmwuY3JsMHYGA1UdEQRvMG2CFHd3 dy5tYWlsLWFyY2hpdmUuY29tghBtYWlsLWFyY2hpdmUuY29tghNnby5tYWlsLWFy Y2hpdmUuY29tghhtYWlsbWFuLm1haWwtYXJjaGl2ZS5jb22CFG1pZC5tYWlsLWFy Y2hpdmUuY29tMCMGA1UdEgQcMBqGGGh0dHA6Ly93d3cuc3RhcnRzc2wuY29tLzCC AZsGA1UdIASCAZIwggGOMAsGCSsGAQQBgbU3AjANBgsrBgEEAYG1NwEBATCCAW4G CysGAQQBgbU3AQIDMIIBXTAuBggrBgEFBQcCARYiaHR0cDovL3d3dy5zdGFydHNz bC5jb20vcG9saWN5LnBkZjAwBggrBgEFBQcCARYkaHR0cDovL3d3dy5zdGFydHNz bC5jb20vZXh0ZW5kZWQucGRmMIH4BggrBgEFBQcCAjCB6zAnFiBTdGFydENvbSBD ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTADAgEBGoG/VGhpcyBjZXJ0aWZpY2F0ZSB3 YXMgaXNzdWVkIGFjY29yZGluZyB0byB0aGUgRXh0ZW5kZWQgVmFsaWRhdGlvbiBy ZXF1aXJlbWVudHMgb2YgdGhlIFN0YXJ0Q29tIENBIHBvbGljeSwgcmVsaWFuY2Ug b25seSBmb3IgdGhlIGludGVuZGVkIHB1cnBvc2UgaW4gY29tcGxpYW5jZSBvZiB0 aGUgcmVseWluZyBwYXJ0eSBvYmxpZ2F0aW9ucy4wggF9BgorBgEEAdZ5AgQCBIIB bQSCAWkBZwB2AM21F5t/wcBG/uoxE2o/jwAuYYL6+Ilv7Miy9bWrYEkAAAABUgbc a6EAAAQDAEcwRQIgAuP+zfMpzgYKfQ/D2K8h+Fy4l07RS+E9dbex4jDbg/gCIQC9 u4yYCr1FPOXe9NR0zG806GlqxPiLOh2fC14oblnHjQB2AGj2mPgfZIK+OozuuSgd TPxxUV1nk9RE0QpnrLtPT/vEAAABUgbcbPMAAAQDAEcwRQIgYd5Q9x+4Eyty3+8Z fOhArFwU06D61aqjgnXkk0A68y8CIQDfd+bTpsy2fn1hqJmvIQtid6pCIkO57dwL VVSRGdNpiQB1AKS5CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABUgbc b0EAAAQDAEYwRAIgFfRlh5jutKv7RyVvmRhrpQgqNAY0wk3TO/EFQqYtWCcCIBDp dSmcVbZhsdaFVVLBFlHib3n17x3nHLY/+90nhCD8MA0GCSqGSIb3DQEBCwUAA4IB AQCzc/vXVY69pYoXvR5mvEO83lFEM4+1QqJxQ5kB/lmb1F1BvhFBdbVxbKDPsRy+ w16BUrKxDx70B1cCib8bu7IGFmSw1cfpVO7Syx4vK4OWEh/L08uwKUNC/+h52tRv EDjZPQGXLqhSQ0O/rdgZAR9gzAhiXCjHZgkfewtQi1RUpJFtSNIYolkCZtz67YL2 Qt9o9dw0GLRczd+722WAMT3zlkgXYG7oB2m6X8IlLp5CVDZprwqXLrsBOoB55EDJ IRK7NEMxIrCLcmK4ba/NN3nMwPaDtdk2R7yslzCWS09eGBJ8CbmORlKOJtIzpQn0 tdS2SFpW9fvtp0aq5Zoh8uWJ -----END CERTIFICATE----- subject=/jurisdictionC=US/jurisdictionST=California/businessCategory=Private Organization/serialNumber=C2578355/C=US/ST=California/L=Saratoga/postalCode=95070/street=16200 Sanborn Road/O=Mail-Archive, Inc./emailAddress=postmas...@mail-archive.com/CN=www.mail-archive.com issuer=/C=IL/O=StartCom Ltd./OU=StartCom Certification Authority/CN=StartCom Extended Validation Server CA --- No client certificate CA names sent Peer signing digest: SHA512 Server Temp Key: ECDH, P-256, 256 bits --- SSL handshake has read 4577 bytes and written 441 bytes --- New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384 Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-RSA-AES256-GCM-SHA384 Session-ID: FF6E7BA303C5A71743F9A74E38E02636AB49A79237D0C9C04FEF2715F22697D5 Session-ID-ctx: Master-Key: A18E7D13ADF0C8B7704C2C270A6FF69517D3D09D832BBACC63C8E04D97B2A7D4EC3EAF37D48A8A96C7B21B7E1CFEB914 Key-Arg : None PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 300 (seconds) TLS session ticket: 0000 - fd a3 50 dc ea a0 74 62-ec ed ed fa 2f f1 c6 6d ..P...tb..../..m 0010 - f8 7d 7d 54 e4 d6 80 b0-7d 0e bd 44 08 d1 7f 9c .}}T....}..D.... 0020 - 10 83 ea 6d e4 9e 56 14-6a 4f a0 e1 f2 6e 4a 40 ...m..V.jO...nJ@ 0030 - e6 05 4c 67 c1 ea 5b 55-a7 5d a0 a1 78 5b 30 04 ..Lg..[U.]..x[0. 0040 - 01 31 b8 1a 3d d2 da b0-57 12 36 e4 50 48 5b eb .1..=...W.6.PH[. 0050 - 86 16 d0 30 ce e9 d3 2e-be 01 7c 93 de 78 e0 87 ...0......|..x.. 0060 - 4e 10 46 50 25 1f e2 cd-13 af 7e 63 ca 64 f8 77 N.FP%.....~c.d.w 0070 - 66 a2 9e f6 a6 ae d8 92-08 4b 84 3f 3d 5e ad 12 f........K.?=^.. 0080 - 02 7d 5d a9 2e 19 5e 56-05 dd 83 82 a2 7f 92 8f .}]...^V........ 0090 - 21 78 1d 25 a7 2f db 7c-ee c4 bb 9c bd 5c 89 4b !x.%./.|.....\.K 00a0 - 1c 05 61 36 b7 34 a2 52-7d f1 45 65 32 0e d1 b9 ..a6.4.R}.Ee2... 00b0 - 77 ce 3d f8 2f 59 d2 97-31 e1 80 11 7c 2d f3 e2 w.=./Y..1...|-.. Start Time: 1452378438 Timeout : 300 (sec) Verify return code: 21 (unable to verify the first certificate) --- closed _______________________________________________ Gossip mailing list https://www.mail-archive.com/gossip@mail-archive.com https://www.mail-archive.com/cgi-bin/mailman/options/gossip