TLS handshake failure - Domain Mismatch, TLS handshake failure caused by domain mismatching
 
Hi,

I'm using TLS on IMAP and, although I've added the certificate to the trusted list, TB! is unable to connect to the server because "The server host name does not match the certificate.".

Some info and a log dump:

+ [machine1.myhost.com] is the machine my host uses for the shared certificate.

+ [mail.mydomain.net] is the address of my mail server hosted by my host.

+ the log dump:

Code
06-06-2005, 02:26:38: IMAP - Initiating TLS handshake
06-06-2005, 02:26:38: IMAP - Certificate S/N: [snipped], algorithm: RSA (1024 bits), issued from 23 Mai 2005 to 23 Mai 2006, for 1 host(s): machine1.myhost.com.
06-06-2005, 02:26:38: IMAP - Owner: US, Unknown, Unknown, Unknown, Unknown, machine1.myhost.com, ssl.net.
06-06-2005, 02:26:38: IMAP - This certificate is self-issued.
06-06-2005, 02:26:38: IMAP - TLS handshake failure. The server host name ("mail.mydomain.net") does not match the certificate.
06-06-2005, 02:26:38: IMAP - Could not connect to the server


When using Thunderbird I used to get a message alerting me to this domain mismatch but could override it. Can it be done using TB!?

Thank you,
AD
 
We do not plan to let The Bat! connect to a host with a mismatching certificate.
 
Any workarounds?
 
Yes, tell your ISP to use a certificate matching their domain.  
__________________________________
I'm just a user of The Bat! I don't work for Ritlabs.
 
It's actually mail.mydomain.com and the ssl cert is through myhost.com. It's not through my ISP.
 
As a workaround, you can modify the hosts file in the \WINDOWS\system32\drivers\etc\ directory.

Add the machine1.myhost.com (the address from the certificate) entry to the hosts file with the IP address of mail.mydomain.net (the actual address of your mail server), and in The Bat! configure machine1.myhost.com as the mail server.
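
Why the hosts-file workaround above gets past the check, as an added example that is not part of the original posts and not The Bat!'s own code: a simplified host-name matcher (exact name or single-label wildcard) run over two lines of the posted log. The function names are hypothetical, and the comma-separated form for several certificate hosts is an assumption.

```python
import re

# Two lines copied from the log posted in the thread.
LOG = '''06-06-2005, 02:26:38: IMAP - Certificate S/N: [snipped], algorithm: RSA (1024 bits), issued from 23 Mai 2005 to 23 Mai 2006, for 1 host(s): machine1.myhost.com.
06-06-2005, 02:26:38: IMAP - TLS handshake failure. The server host name ("mail.mydomain.net") does not match the certificate.'''

def cert_hosts(log):
    """Names the certificate was issued for, read from the 'for N host(s):' line."""
    m = re.search(r"for \d+ host\(s\): (.+?)\.?$", log, re.MULTILINE)
    # Assumption: several names would be comma-separated; the thread shows only one.
    return [h.strip() for h in m.group(1).split(",")] if m else []

def configured_host(log):
    """Server name the client was configured with, read from the failure line."""
    m = re.search(r'server host name \("([^"]+)"\)', log)
    return m.group(1) if m else None

def hostname_matches(cert_name, host):
    """Case-insensitive match; '*' is honoured only as the whole left-most label."""
    cert_labels = cert_name.lower().rstrip(".").split(".")
    host_labels = host.lower().rstrip(".").split(".")
    if len(cert_labels) != len(host_labels):
        return False  # a wildcard never spans more than one label
    if cert_labels[1:] != host_labels[1:]:
        return False
    if cert_labels[0] == "*":
        # Reject over-broad wildcards such as '*.com' and empty host labels.
        return len(cert_labels) >= 3 and bool(host_labels[0])
    return cert_labels[0] == host_labels[0]

def verify_host(cert_names, host):
    """True if the configured host matches at least one certificate name."""
    return any(hostname_matches(name, host) for name in cert_names)

if __name__ == "__main__":
    names = cert_hosts(LOG)
    # The name check is separate from the trust decision: the certificate is
    # still self-issued and only accepted because it was added to the trusted list.
    for host in (configured_host(LOG), "machine1.myhost.com"):
        print(host, "->", "match" if verify_host(names, host) else "mismatch")
```

The client compares the name it was configured with, not the IP address it resolves to, so pointing machine1.myhost.com at the mail server's address satisfies the check without disabling it.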
 
> We do not plan to let The Bat! connect to a host with a mismatching certificate.

Please think about that. It is a frequent issue, and users would be happy to have a checkbox which would allow them to receive email even if their ISP or admins do not get the certificates right.

That will make life easier.
 
Thunderbird (a free email client) allows certificate exceptions.