TLS handshake issues with live.com
 
Hello,

For the last few days I've been having problems with live.com email accounts.
It was working fine for years btw.

Any suggestions?

This is from the log:

Quote
13.12.2012, 22:35:02: FETCH - receiving mail messages
13.12.2012, 22:35:02: FETCH - Connecting to POP3 server pop3.live.com on port 995
13.12.2012, 22:35:02: FETCH - Initiating TLS handshake
>13.12.2012, 22:35:02: FETCH - Certificate S/N: 533561C40001000024E5, algorithm: RSA (2048 bits), issued from 12/7/2012 5:30:21 PM to 12/7/2014 5:30:21 PM, for 1 host(s): pop3.live.com.
>13.12.2012, 22:35:02: FETCH - Owner: pop3.live.com.
>13.12.2012, 22:35:02: FETCH - Issuer: com, microsoft, corp, redmond, MSIT Machine Auth CA 2.
>13.12.2012, 22:35:02: FETCH - Issuer: Microsoft Internet Authority.
>13.12.2012, 22:35:02: FETCH - Issuer: IE, Baltimore, CyberTrust, Baltimore CyberTrust Root.
!13.12.2012, 22:35:02: FETCH - TLS handshake failure. Invalid server certificate (The issuer of this certificate chain was not found).
13.12.2012, 22:35:02: FETCH - TLS handshake complete
 
I'm having this problem as well.  I think that this is a Microsoft problem as I have an older version of TB installed on another computer and am experiencing the certificate problem as well.  No solution yet...

Regards,

Jan
 
Apparently live.com started using another certificate for their TLS sessions.
According to your log Microsoft issued the certificate themselves and you don't have their root certificate in your config.
Download the root certificate and import it.
__________________________________
I'm just a user of The Bat! I don't work for Ritlabs.
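
The diagnosis in the reply above can be checked from the log itself. The following Python script is an added example, not code from this thread or from Ritlabs: it parses the posted log lines, checks that the certificate was inside its validity period when the handshake failed, and lists the issuer names to look for in the trusted root store. The line layout, the month/day order of the validity dates and the leaf-to-root order of the Issuer lines are assumptions based on this one excerpt.

```python
import re
from datetime import datetime

# Log lines copied from the first post in this thread.
SAMPLE_LOG = """\
13.12.2012, 22:35:02: FETCH - Initiating TLS handshake
>13.12.2012, 22:35:02: FETCH - Certificate S/N: 533561C40001000024E5, algorithm: RSA (2048 bits), issued from 12/7/2012 5:30:21 PM to 12/7/2014 5:30:21 PM, for 1 host(s): pop3.live.com.
>13.12.2012, 22:35:02: FETCH - Owner: pop3.live.com.
>13.12.2012, 22:35:02: FETCH - Issuer: com, microsoft, corp, redmond, MSIT Machine Auth CA 2.
>13.12.2012, 22:35:02: FETCH - Issuer: Microsoft Internet Authority.
>13.12.2012, 22:35:02: FETCH - Issuer: IE, Baltimore, CyberTrust, Baltimore CyberTrust Root.
!13.12.2012, 22:35:02: FETCH - TLS handshake failure. Invalid server certificate (The issuer of this certificate chain was not found).
"""

# Assumed layout: optional '>' or '!' marker, timestamp, task name, message.
LINE = re.compile(r"^[>!]?(\d\d\.\d\d\.\d{4}, \d\d:\d\d:\d\d): \w+ - (.*)$")
CERT = re.compile(r"Certificate S/N: (\w+), .*issued from (.+?) to (.+?), for")
FAIL = re.compile(r"TLS handshake failure\. (.+?) \((.+)\)\.$")
US_FMT = "%m/%d/%Y %I:%M:%S %p"  # assumption: validity dates are month/day/year


def triage(log_text):
    """Summarise one TLS handshake: leaf serial, chain names, validity, error."""
    r = {"serial": None, "owner": None, "issuers": [],
         "valid_at_log_time": None, "failure": None}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        seen = datetime.strptime(m.group(1), "%d.%m.%Y, %H:%M:%S")
        msg = m.group(2)
        cert, fail = CERT.search(msg), FAIL.search(msg)
        if cert:
            r["serial"] = cert.group(1)
            start, end = (datetime.strptime(cert.group(i), US_FMT) for i in (2, 3))
            # An expired or not-yet-valid leaf would be a different problem.
            r["valid_at_log_time"] = start <= seen <= end
        elif msg.startswith("Owner: "):
            r["owner"] = msg[len("Owner: "):].rstrip(".")
        elif msg.startswith("Issuer: "):
            # Keep the last name component, which is the CA's common name.
            r["issuers"].append(msg[len("Issuer: "):].rstrip(".").split(", ")[-1])
        elif fail:
            r["failure"] = fail.group(2)
    # Assumption: issuers are logged leaf to root, so the last one tops the chain.
    r["top_issuer"] = r["issuers"][-1] if r["issuers"] else None
    return r


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Before importing any downloaded certificate as a trusted root, compare its name and fingerprint with what the issuing CA publishes.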
 
Where do you get the certificate?  URL please?

Thanks!

Jan
 
Okay, it's solved.

@Jan, download the certificate from this link:
Link

Then in The Bat! go to the Address Book, select Trusted Root CA there, choose Microsoft Root Certificate Authority from the list, right-click on it and select Properties, then in the Certificates tab click on Import and choose the certificate downloaded from the above link. And that's that, no more problems :)
 
Thanks Brop, however, I had to do it slightly differently.

I did not have an address book called Trusted Root CA, so I created it and then imported the downloaded certificate. Then I logged into pop3.live.com and got a popup saying that the entry was not in the address book and I imported it. Now it is working fine.

I did find a workaround previously.  Options>S/MIME & TLS> then changed Internal (Bat address book) to Microsoft CryptoAPI.

I hope this will be of use to others.

Regards,

Jan
 
That address book isn't ON by default, sorry... I forgot to mention that, but if you go to View->Certificate Address Books when you open the Address Book, then you will see it.

Anyway, it's good that there are other solutions for that issue and that you solved it, might be useful in the future.