Hello. I can't check mails by TLS from one of providers due to expiration of Sectigo AddTrust External CA Root.
I am user of Voyager version 6.8.4.1 (i know it is quite old version but it worked till now without much issues).
The provider certificate is valid till march 2021 but when i try to check for new mails or send mails i get (sorry for local names):
>2020-06-22, 17:14:16: FETCH - Wystawca: "GB", "Greater Manchester", "Salford", "Sectigo Limited", "Sectigo RSA Domain Validation Secure Server CA". Ważny od 2018-11-02 do 2030-12-31 23:59:59.
>2020-06-22, 17:14:16: FETCH - Wystawca: "US", "New Jersey", "Jersey City", "The USERTRUST Network", "USERTrust RSA Certification Authority". Ważny od 2000-05-30 10:48:38 do 2020-05-30 10:48:38.
>2020-06-22, 17:14:16: FETCH - Główny: "SE", "AddTrust AB", "AddTrust External TTP Network", "AddTrust External CA Root" Ważny od 2000-05-30 10:48:38 do 2020-05-30 10:48:38. Ten certyfikat wygasł!
!2020-06-22, 17:14:16: FETCH - Błąd fazy potwierdzania TLS: Nieważny certyfikat serwera (Ten certyfikat wygasł).
Steps i took:
I have installed new set of Sectigo AAA cross certificates in Windows 7:
AAACertificateServices.crt, SSLcomDVCA_2.crt, USERTrustRSAAAACA.crt, and removed expired AddTrust External CA Root and USERTrust RSA Certification Authority.
It didn't change the outcome.
Then i removed RootCA.EBD and IntermCA.EBD as some forum user suggested and the outcome is now:
>2020-06-22, 17:22:18: FETCH - Wystawca: "GB", "Greater Manchester", "Salford", "Sectigo Limited", "Sectigo RSA Domain Validation Secure Server CA". Ważny od 2018-11-02 do 2030-12-31 23:59:59.
>2020-06-22, 17:22:18: FETCH - Wystawca: "US", "New Jersey", "Jersey City", "The USERTRUST Network", "USERTrust RSA Certification Authority". Ważny od 2000-05-30 10:48:38 do 2020-05-30 10:48:38. Ten certyfikat wygasł!
>2020-06-22, 17:22:18: FETCH - Brak wydawcy: "SE", "AddTrust AB", "AddTrust External TTP Network", "AddTrust External CA Root".
!2020-06-22, 17:22:18: FETCH - Błąd fazy potwierdzania TLS: Nieważny certyfikat serwera (Ten certyfikat wygasł).
TheBat is still trying to go by old "AddTrust External CA Root" and "USERTrust RSA Certification Authority" even if i have removed them from system.
Is TheBat unable to take alternative chain path? Is it TheBat fault, or mail provider fault for pointing such chain to verify?
I am user of Voyager version 6.8.4.1 (i know it is quite old version but it worked till now without much issues).
The provider certificate is valid till march 2021 but when i try to check for new mails or send mails i get (sorry for local names):
>2020-06-22, 17:14:16: FETCH - Wystawca: "GB", "Greater Manchester", "Salford", "Sectigo Limited", "Sectigo RSA Domain Validation Secure Server CA". Ważny od 2018-11-02 do 2030-12-31 23:59:59.
>2020-06-22, 17:14:16: FETCH - Wystawca: "US", "New Jersey", "Jersey City", "The USERTRUST Network", "USERTrust RSA Certification Authority". Ważny od 2000-05-30 10:48:38 do 2020-05-30 10:48:38.
>2020-06-22, 17:14:16: FETCH - Główny: "SE", "AddTrust AB", "AddTrust External TTP Network", "AddTrust External CA Root" Ważny od 2000-05-30 10:48:38 do 2020-05-30 10:48:38. Ten certyfikat wygasł!
!2020-06-22, 17:14:16: FETCH - Błąd fazy potwierdzania TLS: Nieważny certyfikat serwera (Ten certyfikat wygasł).
Steps i took:
I have installed new set of Sectigo AAA cross certificates in Windows 7:
AAACertificateServices.crt, SSLcomDVCA_2.crt, USERTrustRSAAAACA.crt, and removed expired AddTrust External CA Root and USERTrust RSA Certification Authority.
It didn't change the outcome.
Then i removed RootCA.EBD and IntermCA.EBD as some forum user suggested and the outcome is now:
>2020-06-22, 17:22:18: FETCH - Wystawca: "GB", "Greater Manchester", "Salford", "Sectigo Limited", "Sectigo RSA Domain Validation Secure Server CA". Ważny od 2018-11-02 do 2030-12-31 23:59:59.
>2020-06-22, 17:22:18: FETCH - Wystawca: "US", "New Jersey", "Jersey City", "The USERTRUST Network", "USERTrust RSA Certification Authority". Ważny od 2000-05-30 10:48:38 do 2020-05-30 10:48:38. Ten certyfikat wygasł!
>2020-06-22, 17:22:18: FETCH - Brak wydawcy: "SE", "AddTrust AB", "AddTrust External TTP Network", "AddTrust External CA Root".
!2020-06-22, 17:22:18: FETCH - Błąd fazy potwierdzania TLS: Nieważny certyfikat serwera (Ten certyfikat wygasł).
TheBat is still trying to go by old "AddTrust External CA Root" and "USERTrust RSA Certification Authority" even if i have removed them from system.
Is TheBat unable to take alternative chain path? Is it TheBat fault, or mail provider fault for pointing such chain to verify?