Pages: 1
RSS
Unknown CA certificate (v.4.0.34 pro), Unknown CA certificate error occur in v.4.0.34 pro when fetching mail for multiple accounts
 
When I fetch mail with "get new mail for all" method I get Unknown CA certificate errors for some google accounts.

>12/4/2017, 17:58:10: FETCH - Certificate S/N: 6F38610ED335B60E, algorithm: RSA (2048 bits), issued from 11/21/2017 4:07:47 PM to 2/13/2018 3:20:00 PM, for 1 host(s): pop.gmail.com.
>12/4/2017, 17:58:10: FETCH - Owner: US, California, Mountain View, Google Inc, pop.gmail.com.
>12/4/2017, 17:58:10: FETCH - Issuer: US, Google Trust Services, Google Internet Authority G3.
>12/4/2017, 17:58:10: FETCH - Issuer: GlobalSign Root CA - R2, GlobalSign, GlobalSign.
!12/4/2017, 17:58:10: FETCH - TLS handshake failure. Invalid server certificate (The issuer of this certificate chain was not found).

But I have this certificate imported already! When I fetch individual accounts all goes well. Only when I fetch all accounts at once things go wrong. It looks like things happen too quickly. Is there a way to introduce pauses between consecutive accounts fetch mail?

It started to happen few weeks ago. It was all OK before.
 
It's puzzling that this happens only when you check all accounts, but not when you check this account individually. Do you have multiple gmail accounts that are checked at the same time?

You write "I have this certificate imported already" but it's actually a chain of multiple certificates (Owner, Issuer and Issuer/Root) that must be present. Did you check if you have all three? (I guess you have, or else it would not work when you check just this one account..)
I volunteer as a moderator to help keep the forum tidy. I do not work for Ritlabs SRL.
 
In the mean time things have changed. I have learned, that running The Bat under windows 10 and switching from internal implementation of certificates handling  to Microsoft CryptoApi in settings cured the problem, for now at least. Under windows 7 problem does not go away, it gets worse. Now, unlike before, even the single account fetch throws errors. And to which certificates have I imported: all these the Bat complained about. In above case - GlobalSign root and google G3. So no pause between fetches is now needed, as it is irrelevant to the problem now. And I had to stop using Bat v4 under win7, and Bat v8 I cannot test because of trial limitations, as I have written in another topic.
 
Quote
bob foormanek wrote:
Under windows 7 problem does not go away, it gets worse. Now, unlike before, even the single account fetch throws errors.
This suggests that the relevant certificates in Windows 7's certificate store have expired (with the Microsoft CryptoApi that you now use, The Bat won't use the certificates from its address book). Microsoft Support has several articles about how to solve this.

Quote
Bat v8 I cannot test because of trial limitations, as I have written in another topic.
When you installed v8 did you update your existing installation? I did, when I upgraded from v3 to v7, and normal operation (including fetching mail from all accounts) wasn't hindered by any obtrusive nag screens. That was before I got a license for v7, which I only bought after verifying that everything was still working. Could it be that The Bat thought that your 30-day trial period had already expired?
I volunteer as a moderator to help keep the forum tidy. I do not work for Ritlabs SRL.
 
Quote
Daniel van Rooijen wrote:
This suggests that the relevant certificates in Windows 7's certificate store have expired (with the Microsoft CryptoApi that you now use, The Bat won't use the certificates from its address book). Microsoft Support has several articles about how to solve this.

When you installed v8 did you update your existing installation? I did, when I upgraded from v3 to v7, and normal operation (including fetching mail from all accounts) wasn't hindered by any obtrusive nag screens. That was before I got a license for v7, which I only bought after verifying that everything was still working. Could it be that The Bat thought that your 30-day trial period had already expired?
I presume certificates in windows 7 to be OK, because only The Bat complains. Operations thru web browsers, thunderbird and some other email client which I do not remember the name of, all went without error.

Secondly, I just have tried Batv8 on another computer, installed on top of v4 without any fiddling. Nag screen shows progress bar 1 out of 30 and nag screens pop between accounts in Connection centre batch fetch. So, for me, this must be intentional. No errors show though, but between fetches I have to find the nag and click to have the batch go any further. This is not a proper check for me.
 
Quote
bob foormanek wrote:
I presume certificates in windows 7 to be OK, because only The Bat complains. Operations thru web browsers, thunderbird and some other email client which I do not remember the name of, all went without error.

I don't think webmail connects you to the actual mail server. Thunderbird has its own certificate store.

Quote
No errors show though, but between fetches I have to find the nag and click to have the batch go any further. This is not a proper check for me.

Maybe you should contact Ritlabs and ask them if you can purchase an upgrade on the condition that you'll get your money back, if you should continue to get errors when polling all accounts?
I volunteer as a moderator to help keep the forum tidy. I do not work for Ritlabs SRL.
 
I have a certificate issue also:

>12/24/2017, 06:18:20: FETCH - Certificate S/N: 04BEBB1D, algorithm: RSA (512 bits), issued fr om 12/24/2017 12:07:47 PM to 12/19/2037 12:07:47 PM, for 2 host(s): server.jerlyn.net, www.server.jerlyn.net.
>12/24/2017, 06:18:20: FETCH - Owner: Domain Control Validated, PositiveSSL, server.jerlyn.net.
>12/24/2017, 06:18:20: FETCH - Issuer: Domain Control Validated, PositiveSSL, server.jerlyn.net.
!12/24/2017, 06:18:20: FETCH - TLS handshake failure. Invalid server certificate. The certificate or one of the certificates in the certificate chain does not have a valid signature.. The certificate or certificate chain is based on an untrusted root.

Have no idea wh ere its getting that certificate.  Please advise.
 
Jerry: The Bat is getting that certificate from server.jerlyn.net. You'd have to examine the certificate to see on which root certificate it is based, and then (if you trust that root) obtain the root certificate and import it into the address book, as follows:

- Open the address book in The Bat! and make sure "View/Certificate Address Books" is enabled.
- Select the Trusted Root CA address book and create a new contact there.
- Open the properties of that contact and go to the "Certificates" tab.
- Import the certificate.
I volunteer as a moderator to help keep the forum tidy. I do not work for Ritlabs SRL.
Pages: 1