"Unknown CA Certificate" or Certificate Mismatch, POP client configuration problem - But it works in Outlook
 
Hello,

I'm attempting to configure a POP3 account in TheBat! v8.2.4 64-bit.  Just to make sure the POP server I'm using was working properly, I set up a POP email account in Microsoft Outlook (which I hate), and it works perfectly.  However, when I enter the same settings into TheBat! it doesn't work (although the SMTP side of things does work in both TheBat! and Outlook).

When I tell TheBat! to check for new mail it first pops up the "Unknown CA Certificate" window.  If I simply tell it to continue anyway I get the following:
1/26/2018, 16:14:22: FETCH - TLS handshake complete
1/26/2018, 16:14:22: FETCH - connected to POP3 server
1/26/2018, 16:14:23: FETCH - authenticated (plain)
1/26/2018, 16:14:26: FETCH - TLS connection completed successfully
!1/26/2018, 16:14:26: FETCH - Connection to host broken (last commands sent were: "PASS", "STAT")

If I instead tell it to "Add to Trusted" I get the following:
>1/26/2018, 16:15:00: FETCH - Certificate S/N: FA637C, algorithm: RSA (512 bits), issued from 1/26/2018 11:11:01 AM to 1/21/2038 11:11:01 AM, for 26 host(s): legacy.pop.mail.yahoo.com, pop.mail.yahoo.com, *.pop.mail.yahoo.com, pop.bizmail.yahoo.com, pop.mail.yahoo.com.ar, pop.mail.yahoo.com.au, pop.mail.yahoo.com.br, pop.mail.yahoo.com.hk, pop.mail.yahoo.com.my, pop.mail.yahoo.com.ph, pop.mail.yahoo.com.sg, pop.mail.yahoo.com.tw, pop.mail.yahoo.com.vn, pop.mail.yahoo.co.id, pop.mail.yahoo.co.in, pop.mail.yahoo.co.kr, pop.mail.yahoo.co.th, pop.mail.yahoo.co.uk, pop.mail.yahoo.ca, pop.mail.yahoo.de, pop.mail.yahoo.fr, pop.mail.yahoo.in, pop.mail.yahoo.it, pop.correo.yahoo.es, pop.y7mail.com, pop.att.yahoo.com.
>1/26/2018, 16:15:00: FETCH - Owner: "US", "California", "Sunnyvale", "Yahoo Inc.", "Information Technology", "legacy.pop.mail.yahoo.com".
>1/26/2018, 16:15:00: FETCH - This certificate is self-issued.
!1/26/2018, 16:15:00: FETCH - TLS handshake failure. The server host name ("inbound.att.net") does not match the certificate.

I've tried deleting and adding the certificate several times but the results are the same.  I've also completely deleted and reinstalled the account in TheBat! several times.

Thanks,
Ray Mitchell
 
It looks like you have entered this mail server address: inbound.att.net

In the AT&T forums, it is suggested that you should try legacy.pop.mail.yahoo.com instead (which is supported by the certificate).
 
Thanks for the suggestion but it didn't work.  I have several att.net accounts with POP3 enabled and they all exhibit the same symptoms with TheBat!, but not with Outlook or a custom email application I've written using C#.  I'm wondering if there's a semi-easy way to examine the actual packet transfers to see what the difference is.  I used Wireshark for this years ago but I don't really want to go to that level if there's an easier way.
 
Does anyone happen to know why the particular certificate referred to above got loaded and where it came from?  I know that it's a Yahoo certificate but did it come from the POP server I'm attempting to access or from TheBat! itself, or somewhere else?  Would it be possible for me to get the right one somehow and install it?

Actually, for some reason POP now works if I delete the certificate and each time the "Unknown CA Certificate" window comes up I simply tell it to continue anyway.  I don't know if this means it isn't using the certificate but the bottom line is that at least it's working.  Is there some setting in TheBat! that will tell it to automatically "continue anyway" every time so I don't have to manually click OK every time it checks the server for email?
Edited: Ray Mitchell - 27 January 2018 11:08:40
 
Finally fixed!  I just got finished with a long and exasperating online chat with a person at AT&T support who knew even less than I do, which I didn't think was possible!  Although he didn't have a clue about certificates or much else he did inadvertently mention that I could use pop.mail.yahoo.com as a server instead of inbound.att.net, and that solution (which was similar to what Daniel van Rooijen suggested above) worked.  I'd still like to know why the wrong certificate shows up for inbound.att.net but the main thing is that it's working now.  Thanks for all the responses.
Edited: Ray Mitchell - 27 January 2018 12:45:10
 
Glad to hear that you have it working now!  

If it had NOT worked, I'd have suggested that you try this workaround: Go to Options | S/MIME and TLS and tell The Bat to use Microsoft's CryptoAPI instead of its own certificate store. Just adding that here in case someone else is stuck with the same problem :-)
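
The host name mismatch reported in the log earlier in this thread, reproduced as an added example that is not part of any post and is not TheBat!'s own code: a minimal RFC 6125-style name check run against a subset of the names copied from that log line. The function names are hypothetical.

```python
# Added example: why "inbound.att.net" fails the name check while the
# yahoo.com names pass. CERT_NAMES is a subset of the 26 names in the log.
CERT_NAMES = [
    "legacy.pop.mail.yahoo.com",
    "pop.mail.yahoo.com",
    "*.pop.mail.yahoo.com",
    "pop.bizmail.yahoo.com",
    "pop.att.yahoo.com",
]


def name_matches(pattern: str, host: str) -> bool:
    """Compare one certificate name with the host the client connected to.

    Comparison is case-insensitive. A '*' is honoured only when it is the
    whole left-most label, and it stands for exactly one label.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # Require at least two fixed labels after the wildcard.
        return len(p) > 2 and p[1:] == h[1:]
    # Partial wildcards such as "p*.example.com" are rejected outright.
    return "*" not in pattern and p == h


def check_host(host, names=CERT_NAMES):
    """Return the certificate names covering host; an empty list is a mismatch."""
    return [n for n in names if name_matches(n, host)]


def explain(host, names=CERT_NAMES):
    """Human-readable verdict for one configured server name."""
    hits = check_host(host, names)
    if hits:
        return f"{host}: OK, covered by {', '.join(hits)}"
    return f"{host}: MISMATCH, no certificate name covers this host"


if __name__ == "__main__":
    for server in ("inbound.att.net", "legacy.pop.mail.yahoo.com",
                   "pop.mail.yahoo.com"):
        print(explain(server))
```

Name matching is separate from chain validation: the log also reports the certificate as self-issued, which this check does not address.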