Certificate expired - The Bat! Pro 6.24

User

Posts: 33 Points: 25 Rating: 1 Authority: 1 Joined: 27 March 2011

29 January 2014 04:30:59

Hello,

I've just run into a situation with The Bat! Pro v6.24 and Outlook.com (Hotmail). It appears that the certificate has expired. Is there a source where I can download and install a new certificate?

Following is the account log:

29/01/2014, 15:23:52: FETCH - Initiating TLS handshake
>29/01/2014, 15:23:53: FETCH - Certificate S/N: 1121E5D2F8EB30BEF32A61A5BF8D982FBE6F, algorithm: RSA (2048 bits), issued from 4/24/2013 8:35:09 PM to 4/24/2016 8:35:09 PM, for 4 host(s): *.hotmail.com, *.live.com, *.outlook.com, hotmail.com.
>29/01/2014, 15:23:53: FETCH - Owner: "US", "Washington", "Redmond", "Microsoft Corporation", "*.hotmail.com".
>29/01/2014, 15:23:53: FETCH - Issuer: "BE", "GlobalSign nv-sa", "GlobalSign Organization Validation CA - G2".
>29/01/2014, 15:23:53: FETCH - Root: "BE", "GlobalSign nv-sa", "Root CA", "GlobalSign Root CA"
!29/01/2014, 15:23:53: FETCH - TLS handshake failure. Invalid server certificate (This certificate has expired).

Thanks!

Jan

Edited: Jan Smoller - 29 January 2014 06:29:04

Alexandros Beginner Posts: 5 Points: 2 Rating: 0 Authority: 0 Joined: 26 January 2012	#2 0 29 January 2014 10:19:29 Seconded. It's really frustrating.

Jan Smoller User Posts: 33 Points: 25 Rating: 1 Authority: 1 Joined: 27 March 2011	#3 0 29 January 2014 10:37:32 Hello Alexandros, As a temporary measure you can switch to the Microsoft CryptoAPI. Options>S/MIME and TLS. Click the radio button Microsoft CryptoAPI (Microsoft certificate store) then OK. Hotmail/Outlook/Windows Live should work again. Hope this helps. Regards, Jan

Marcin Szopa

User

Posts: 1 Rating: 0 Authority: 0 Joined: 29 January 2014

29 January 2014 10:38:55

Same here, I cant connect to my local provider, it looks pretty the same (PL version):

>2014-01-28, 20:44:35: FETCH - Nr certyfikatu: 1121D8630149F15ACE3109ACD767B39FECDA, algorytm: RSA (2048 bitow), wazny od 2014-01-08 14:28:02 do 2017-01-08 14:28:02, dla 1 węzłów: post.pl.
>2014-01-28, 20:44:35: FETCH - Wlasciciel: "PL", "Domain Control Validated", "post.pl".
>2014-01-28, 20:44:35: FETCH - Wystawca: "AlphaSSL", "AlphaSSL CA - G2".
>2014-01-28, 20:44:35: FETCH - Glowny: "BE", "GlobalSign nv-sa", "Root CA", "GlobalSign Root CA"
!2014-01-28, 20:44:35: FETCH - Błąd fazy potwierdzania TLS: Niewazny certyfikat serwera (Ten certyfikat wygasl).

Its problably global problem, few others peoples:
http://thebat.pl/forum/viewtopic.php?id=1481&p=7

I tested it on version 5 and 6.

Alexandros

Beginner

Posts: 5 Points: 2 Rating: 0 Authority: 0 Joined: 26 January 2012

29 January 2014 23:28:05

Quote
Jan Smoller wrote: Hello Alexandros, As a temporary measure you can switch to the Microsoft CryptoAPI. Options>S/MIME and TLS. Click the radio button Microsoft CryptoAPI (Microsoft certificate store) then OK. Hotmail/Outlook/Windows Live should work again. Hope this helps. Regards, Jan

Thanks for replying Jan, it works indeed

I'd still prefer a permanent solution though - the way I see it, yours is just a workaround, isn't it?

Jan Smoller

User

Posts: 33 Points: 25 Rating: 1 Authority: 1 Joined: 27 March 2011

31 January 2014 03:02:35

Ok Alexandros,

Yes, this was temporary.

Here is the procedure for a permanent solution. This is from the Ritlabs Polish forum:

"There is no need to change the configuration of The Bat! because the cause of problem is the loss of validity of the certificate from GlobalSign Root CA, which quite often occurs as a principal in the paths of certification. Certificate expired on 28/01/2014, but it's new.

1 Download the new certificate file (. Crt), available at http://secure.globalsign.net/cacert/Root-R1.crt
2 Open the address book in The Bat!
3 Choose a Trusted Root CA certificates
4 Search the database entry "GlobalSign Root CA" and open the entry
5 In the "Certificates" button "Remove" to remove the old certificate valid until 28.01.2014
6 Import the new certificate from the downloaded file. "

I followed this procedure and it does indeed correct the expired certificate problem. Don't forget to switch back to TB internal certificate processing.

Regards,

Jan

Edited: Jan Smoller - 31 January 2014 03:04:10

Keith Sullivan

Beginner

Posts: 7 Points: 3 Rating: 0 Authority: 0 Joined: 06 October 2009

01 February 2014 22:31:43

Quote
Jan Smoller wrote: switch back to TB internal certificate processing.

Thanks, I was having this problem too and your advice solved it.

Just one follow-up question, as I am unfamiliar with certificate handling: how do I 'switch back to TB internal certificate processing' ?

Thanks.

Jan Smoller User Posts: 33 Points: 25 Rating: 1 Authority: 1 Joined: 27 March 2011	#8 0 02 February 2014 13:45:09 Options>S/MIME and TLS, then click radio button Internal Implementation. EZ... Regards, Jan

Alexandros Beginner Posts: 5 Points: 2 Rating: 0 Authority: 0 Joined: 26 January 2012	#9 0 03 February 2014 01:24:43 Jan, you're a life saviour

Keith Sullivan

Beginner

Posts: 7 Points: 3 Rating: 0 Authority: 0 Joined: 06 October 2009

#10

03 February 2014 16:11:30

Quote
Jan Smoller wrote: Options>S/MIME and TLS, then click radio button Internal Implementation. EZ... Regards, Jan

Thanks - all sorted now.

Maxim Masiutin Guru Posts: 644 Points: 1158 Rating: 25 Authority: 25 Joined: 09 September 2003	#11 0 05 February 2014 20:40:02 Anyway, version 6.2.8 resolves this issue.

wendy

Beginner

Posts: 2 Points: 1 Rating: 0 Authority: 0 Joined: 07 February 2014

#12

07 February 2014 04:12:07

Unknown CA Certificate -- The Bat Email Client (Professional Edition Version 3.0)

Anyone has success configuring the Bat with out receiving and sending a "Unkown CA certificate" via Yahoo.

Screen shot:
The server didn't provide a root certificate during the session, and there is no corresponding root certificate in your address book. this connection may not be secure. Please contact your server administrator. Continue anyway?

Account log:
FETCH - Initiating TLS handshake
FETCH - Certificate S/N: 0A50D3D2EFF8A56E0EDB2392CE8B38CB, algorithm: RSA (2048 bits), issued from 26 September 2013 to 24 November 2015, for 20 host(s): legacy.pop.mail.yahoo.com, pop.mail.yahoo.de, pop.mail.yahoo.fr, pop.mail.yahoo.it, pop.correo.yahoo.es, pop.mail.yahoo.com.ar, pop.mail.yahoo.com.br, pop.mail.yahoo.ca, pop.mail.yahoo.com.au, pop.mail.yahoo.co.id, pop.mail.yahoo.co.in, pop.mail.yahoo.co.th, pop.mail.yahoo.com.hk, pop.mail.yahoo.com.my, pop.mail.yahoo.com.ph, pop.mail.yahoo.com.sg, pop.mail.yahoo.com.vn, pop.mail.yahoo.co.kr, pop.mail.yahoo.com.tw, pop.mail.yahoo.in.
FETCH - Owner: US, CA, Sunnyvale, Yahoo! Inc., legacy.pop.mail.yahoo.com.
FETCH - Issuer: US, DigiCert Inc, www.digicert.com, DigiCert High Assurance CA-3.
FETCH - TLS handshake failure. Invalid server certificate (The issuer of this certificate chain was not found).

Otherwise it sends and receives...I see this message each time I send or receive ...I click OK to continue and it works fine.

Thanks,

Wendy

Edited: wendy - 07 February 2014 04:15:25

Dan Yu

User

Posts: 1 Rating: 0 Authority: 0 Joined: 15 February 2014

#13

15 February 2014 09:41:43

Quote
Alexandros wrote: Jan , you're a life saviour

Super! work perpect

eLUXURY online store

space quakes User Posts: 1 Rating: 0 Authority: 0 Joined: 25 April 2015	#14 0 25 April 2015 19:17:22 I have been using TheBat! 3.0 Prof. forever without any problems. Then, all of a sudden, I get the TLS handshake failure - unsupported certificate . I followed the instructions in post #6, but without success. Anything else I should be looking at, any other suggestions?? I miss my email client!! Thanks, in advance. Edited: space quakes - 26 April 2015 20:51:28

Michel Thibodeau User Posts: 9 Points: 12 Rating: 2 Authority: 2 Joined: 05 March 2017	#15 0 05 March 2017 16:27:57 Thanks Jan Smoller (post #3), your solution works fine.

Products

Support

News

Company

Community