Re: Problems with pop3s on Outlook Express

2001-10-31 Thread Corin Hartland-Swann


Hi there,

On Wed, 31 Oct 2001, Tom Karches wrote:
> Corin Hartland-Swann wrote:
> > I've replaced the 'localhost' certificates with mine, and it now works
> > fine on Windows 2000, and almost works with MacOS.
> >
> > When you hit Send & Receive Mail on MacOS it prompts you for a password.
> > I found a reference to this at http://ist.uwaterloo.ca/security/IST-CA/
> >
> >   IE5/Mac problems: Internet Explorer v5 for the Mac/Apple has several
> >   notable bugs -- it does not import our certificate properly (for reasons
> >   which escape us it wants to save it with a password which means every
> >   time you use it you need to recall that password). You should use
> >   Netscape on the Mac/Apple platform if you access secure pages protected
> >   by our certificate. 16-Feb-2001.
>
> FWIW, I have been unable to get IE on the Mac or PC to accept
> certificates from a CA other than the ones that are part of the
> default set. Self-signed certificates cause IE on the Mac to generate
> an endless stream of errors.

Do you know which version and build you were using?

> I finally gave up and purchased a certificate from Thawte and
> everything works perfectly now.

It seems to work OK with mine (version 5.0, build 2022) except for the
password bit. It's not too bad because you can set an empty password, and
it seems to only prompt once per session (i.e. until you exit
Outlook/Explorer and then go back in). But I would like to sort it out
because it doesn't make any sense prompting for it when there's no
password set.

Thanks,

Corin

/+-\
| Corin Hartland-Swann   |Tel: +44 (0) 20 7491 2000|
| Commerce Internet Ltd  |Fax: +44 (0) 20 7491 2010|
| 22 Cavendish Buildings | Mobile: +44 (0) 79 5854 0027|
| Gilbert Street | |
| Mayfair|Web: http://www.commerce.uk.net/ |
| London W1K 5HJ | E-Mail: [EMAIL PROTECTED]|
\+-/

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]



Problems with pop3s on Outlook Express

2001-10-26 Thread Corin Hartland-Swann
, both of them are 'pop.commerce.uk.net'. If I hit "No" it gives me a
further error message "Error Number 0x800CCC1A".

I tried the same setup on Outlook Express for Macintosh, and this gives me
a message saying "Unable to establish a secure connection to localhost.
There is a problem with the security certificate from that server. Use
Internet Explorer to install the correct certificate. If you continue, the
information you view and send will not be secure." If I hit "Stop" it
gives me a further error message "The identity certificate has expired.
Error 3002."

On both Windows 2000 and MacOS 9.1, if I tell it to proceed anyway then it
correctly downloads e-mail over the secure connection. My problem is how
to get rid of these messages, and make Outlook correctly identify the POP
server.

I have tried importing the mail server certificate into Explorer on both
platforms (although I'm fairly sure you don't have to do this, and that it
is sent when the SSL connection is established). That didn't help.

I have also tried putting the CA certificate onto the server in
/usr/lib/ssl/certs/ - but that didn't help either, or change the message
I got above using s_client.

Does anyone have any suggestions of what I might be doing wrong? If it
helps then please feel free to connect to pop.commerce.uk.net:pop3s using
s_client.

Many Thanks,

Corin

/+-\
| Corin Hartland-Swann   |Tel: +44 (0) 20 7491 2000|
| Commerce Internet Ltd  |Fax: +44 (0) 20 7491 2010|
| 22 Cavendish Buildings | Mobile: +44 (0) 79 5854 0027|
| Gilbert Street | |
| Mayfair|Web: http://www.commerce.uk.net/ |
| London W1K 5HJ | E-Mail: [EMAIL PROTECTED]|
\+-/






Re: Problems with pop3s on Outlook Express

2001-10-26 Thread Corin Hartland-Swann


Hi Gregory,

On Fri, 26 Oct 2001, Gregory Stark wrote:
> As can be seen from your post, the certificate being sent does NOT have
> pop.commerce.uk.net as the common name (CN) of the Subject: the CN is
> 'localhost'.
>
> It appears to be some kind of canned test certificate and private key, but
> I'm not familiar enough with UW-IMAP to know if it comes with such a beast.
> Maybe you concatenated the wrong files?

Thanks - I'm a newcomer to setting up SSL, and I didn't know what to look
for in the s_client output.

It turns out that there were existing pop3s and imaps certificates
installed along with UW-IMAP in the RPM, made out to localhost. This is
somewhat braindead.

What was even more braindead was that the location of the certificates had
been changed from /usr/lib/ssl/certs to /usr/share/ssl/certs without
updating the documentation.

I've replaced the 'localhost' certificates with mine, and it now works
fine on Windows 2000, and almost works with MacOS.

When you hit Send & Receive Mail on MacOS it prompts you for a password.
I found a reference to this at http://ist.uwaterloo.ca/security/IST-CA/

  IE5/Mac problems: Internet Explorer v5 for the Mac/Apple has several
  notable bugs -- it does not import our certificate properly (for reasons
  which escape us it wants to save it with a password which means every
  time you use it you need to recall that password). You should use
  Netscape on the Mac/Apple platform if you access secure pages protected
  by our certificate. 16-Feb-2001.

I have successfully set it up with an empty password, and you just have to
hit OK and it picks up the e-mail, but it's really annoying for our
users. Does anyone know of any way to disable this?

Could it be related in any way to this problem:

  3) Imported the CA certificate into Explorer on MacOS 9.1, and checked
  that it is listed. In this case, even after several attempts, the
  fingerprint listed by Explorer does not match any of the MD2, MD5, SHA1
  or MDC2 fingerprints. I don't understand this, but am fairly sure that
  no-one is intercepting and replacing the key in transit. Explorer
  produces the same fingerprint each time, so it doesn't look like it has
  been corrupted either. Eventually I decided to just add the certificate
  and see what happened.

And have you got any idea what this might be? Are there any other
fingerprint types?

Many Thanks,

Corin

/+-\
| Corin Hartland-Swann   |Tel: +44 (0) 20 7491 2000|
| Commerce Internet Ltd  |Fax: +44 (0) 20 7491 2010|
| 22 Cavendish Buildings | Mobile: +44 (0) 79 5854 0027|
| Gilbert Street | |
| Mayfair|Web: http://www.commerce.uk.net/ |
| London W1K 5HJ | E-Mail: [EMAIL PROTECTED]|
\+-/
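
The checks discussed in this thread (Subject CN against the host name the client is configured with, expiry, and fingerprint), as an added example that is not part of the original posts. It generates a throwaway self-signed certificate with CN=localhost as constructed sample input; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread; helper names are hypothetical.
# For a live server, save its certificate first (HOST is a placeholder):
#   openssl s_client -connect HOST:995 </dev/null | openssl x509 -out served.pem

# make_test_cert CN FILE: constructed self-signed certificate used as sample input
make_test_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
        -keyout "$2.key" -out "$2" 2>/dev/null
}

# cert_cn FILE: print the commonName of the certificate's Subject
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p'
}

# cn_matches FILE HOST: succeed only if the Subject CN equals the name the
# mail client connects to (the comparison that failed for 'localhost')
cn_matches() {
    [ "$(cert_cn "$1")" = "$2" ]
}

# cert_current FILE: succeed if the certificate has not expired yet
cert_current() {
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null
}

# cert_fingerprint FILE DIGEST: colon-separated fingerprint, e.g. DIGEST=sha1
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint "-$2" | cut -d= -f2
}

demo() {
    dir=$(mktemp -d) || return 1
    make_test_cert localhost "$dir/served.pem" || return 1
    echo "Subject CN: $(cert_cn "$dir/served.pem")"
    for host in localhost pop.commerce.uk.net; do
        if cn_matches "$dir/served.pem" "$host"; then
            echo "$host: CN matches"
        else
            echo "$host: CN mismatch, the client will warn"
        fi
    done
    cert_current "$dir/served.pem" && echo "certificate is not expired"
    echo "SHA1 fingerprint: $(cert_fingerprint "$dir/served.pem" sha1)"
    rm -rf "$dir"
}
demo
```

Passing `md5` or `sha256` as the digest gives the other fingerprint types a client may display.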

