Pages: 1
RSS
The Bat! Professional, SOLUTION FOR Gmail certificate PROBLEM, Despite of config The Bat!, certificate & TLS errors avoids G! msgs
 
================================================
ADMIN, I'D LIKE YOU TO CONFIRM MY SOLUTION, PLS.
================================================


Hi!


As many, I had a PROBLEM with G! accounts on my e-mail client 'The Bat! Professional Edition 3.5', but I found a SOLUTION:


1) PROBLEM

1.1) When I tried to receive G! msgs, a box showed:

  --------------------------------------------------
  Unknown CA Certificate
  ..................................................
 
 
  The server didn't provide a root certificate during the session, and there is
  no corresponding root certificate in your adress book.
 
  This connection may not be secure. Please contact your server
  administrator.
 
 
  [View Certificate] (disabled button)
  [Add to Trusted ] (disabled button)
 
 
  Continue anyway?
 
  [ OK ] [Cancel] (enabled buttons)
  --------------------------------------------------

This means:
  (disabled buttons): 'The Bat!' seems haven't certificate for this account.
  [ OK ] : receives msgs, but required on each connection, WHAT'S BAD!
  [Cancel] : receives no msgs.


1.2) Resultant error in G! account log:

  --------------------------------------------------
  Account Log - ***@gmail.com
  ..................................................
   2009-02-14, 12:36:57: FETCH - receiving mail messages
   2009-02-14, 12:36:58: FETCH - Initiating TLS handshake
  >2009-02-14, 12:36:58: FETCH - Certificate S/N: 0838A3, algorithm: RSA (1024 bits), issued from 25 oct 2007 to 24 dec 2009, for 1 host(s): pop.gmail.com.
  >2009-02-14, 12:36:58: FETCH - Owner: US, California, Mountain View, Google Inc., pop.gmail.com.
  >2009-02-14, 12:36:58: FETCH - Issuer: US, Equifax, Equifax Secure Certificate Authority.
  !2009-02-14, 12:36:58: FETCH - TLS handshake failure. Invalid server certificate (The issuer of this certificate chain was not found).
  --------------------------------------------------

This means:
  'Equifax Secure Certificate Authority' error.


2) SOLUTION

2.1) Reconfigure 'The Bat! Professional Edition 3.5': NOT WORKED!!! :(

I follow ...

  Supported POP client list
  http://mail.google.com/support/bin/answer.py?hl=en&ctx=mail&answer=12103
 
  Configuring other mail clients
  http://mail.google.com/support/bin/answer.py?answer=13287
 
  The Bat! v3.62 Professional Edition
  http://mail.google.com/support/bin/answer.py?answer=32231

..., but the PROBLEM continued.


2.2) Export / Import certificate showed on G! account log: WORKED!!! :)

- Export 'Equifax Secure Certificate Authority' from 'IE':
IE > Tools > Internet Options > Content > Certificates > Trusted certificate authorities (4th tab) > Equifax Secure Certificate Authority > Export > Next > Next > Search > ESCA > ..\Mail Directory\Certificate_ESCA.cer > Save > Next > Finish > OK > Close > OK

- Import 'Equifax Secure Certificate Authority' to 'The Bat!':
The Bat! > Address Book > Trusted Root CA > ^T > Certificates > Import > ..\Mail Directory\Certificate_ESCA.cer > Open > Equifax > View > Certification Path > Add to Trusted > Yes > OK > Cancel

- That's all & enjoy G! msgs!!!

I'm happy this SOLUTION worked for me & hope it works for all!


Good luck,

ASign.
Edited: ASign - 14 February 2009 21:06:22
 
I'm not admin, (although I am a moderator here) but you have correctly described the solution to G-Mail problems caused by not having the correct root certificate available in your section 2.2. Thank you for posting this solution in such detail.
iviarck
 
Hmmm...

What am I missing here?

I have been using TB for months now with Gmail, and have not had this problem.  Is it because I am using v4+

md
 
It only happens if the root certificate for Equifax, is missing or out of date. While it's not a hugely common problem, the posted solution is a keeper.
iviarck
 
Quote
Marck Pearlstone writes:
I don't know if you can edit it. Tell me the changes you want to make, I'll change it and delete these tail end posts.


Marck,


Yes, I can't edit it more. I thinked to fix minor details, but it's needless.

You can "clear this page" (del these tail end posts).


ASign.
 
Quote
Michael David writes:
I have been using TB for months now with Gmail, and have not had this problem. Is it because I am using v4+

Quote
Marck Pearlstone writes:
It only happens if the root certificate for Equifax, is missing or out of date.


Michael & Mark,


I don't know why a helpful (not empty | up of date) 'Equifax Secure Certificate Authority' was missing in ..

  The Bat! > Address Book > Trusted Root CA

Already had 4 Equifax's, maybe unhelpful (empty | out of date):

  Equifax Equifax Secure Certificate Authority
  Equifax Secure eBusiness CA-1
  Equifax Secure Equifax Secure eBusiness CA-2
  Equifax Secure Global eBusiness CA-1

My solution added another ..

  Equifax Equifax Secure Certificate Authority

.., but helpful!


ASign.
 
Thanks Asign for posting the directions for this. I have had this same error message for the past week and it's been driving me crazy. However, I did the import differently as couldn't get it to work for me (or maybe it was just that I was doing something incorrectly) .


But in any case, this is how I did the Import:
Go into the Account Properties of the email account which is generating the error.
> Click on General Tab
> Click on Edit Personal Certificates
> Click on Certificate Tab
> Click on Import and then import the certificate (equifax) file from where it saved itself. (For me this was in My Documents).
> Now highlight the certificate and select the'view" tab and then select 'Add to trusted"

Version: thebat! 4.2.9.1

> Good evening,
> drking
Edited: Regina King - 10 August 2009 07:07:04
 
Hello,

I have an problem with TheBat program. I use more gmail account with no problem before, yesterday i make an new gmail account and now can connect to this new account. SMTP conection works fine but pop3 dont connect. I use The Bat 5.0.12 version and all my account is set up in the past and now i restore when install the bat v 5.0.12 and then set up new account. I try to change the port to import certificate onthis new account and nothing works.


Have some solution for this?

Thanks


P.S.

I found the problem. TheBat put on POP server pop3.gmail.com and the corect setup is pop.gmail.com
Edited: aaaa5 123456 - 08 May 2011 23:55:25
 
Hello!
Thanks for attention to the issue!
I got this problem on 5.3.8, but neither of certificate solutions work for me.
Any other ideas?)

p.s. The servers are pop.gmail.com:995 and smtp.gmail.com:587 with Secure on spec.port and Regular.
Edited: Vitaly Krupenik - 08 April 2013 01:52:08 (add.info)
 
Vitaly Krupenik,


I'm happy my post is useful until now (4 yrs later!) but unfortunatelly I'm not using TB ('The Bat!' or 'The Best!' mail client? That's the question! smile:)) now (maybe I'll use it again later) & can't help so detailed as before.

Maybe help you:
- Read news in '2.1'.
- To vary some in '2.2'.
- Try Regina King's post (10.08.2009 07:02:18   #7).


G lk,

ASign.
Edited: ASign - 08 April 2013 22:05:25 (Text correction.)
 
ASign, thanks!
Unfortunately Regina King's post does not quite work for me either.
I even tried cleaning out all Equifax Certificate Authority certificates, then added them all back, added to trusted, but it still does not work.

I do successfully add the certificate to the list, add it to trusted, but I'm still seeing that "Unknown certificate" window each time TheBat connects.
Since I have 4 gmail mailboxes, it becomes a little annoying..)
 
Hello,

Since about last Wednesday this old thing came for a visit - my gmail accounts would tell me that a certificate couldn't be found and the buttons to install the certificate would be disabled. To save people some searching just download GIAG2.crt from https://pki.google.com/ and Root-R2.crt from https://support.globalsign.com/customer/portal/articles/1426602-globalsign-root-certificates. Then install both using the instructions above. I can't remember which of the two helped (probably ROOT-R2). No annoying messages ever since!

Posted out of courtesy to the people on this thread that helped me get on the right track :).

(still using 6.0.12 in 2017!)
Edited: George Nakos - 19 August 2017 10:56:18
 
Dear George Nakos,

Your solution worked for me on The Bat! 5.0.34, Hungarian language version.  

This is the last Hungarian language version I could find, that is why I still use it.

thanks,
Daniel
 
This fixed my recent problems = "TLS handshake failure. Invalid server certificate (The issuer of this certificate chain was not found)" with Gmail.  However it's a little hard to tell where the GIAG2.crt file is on the https://pki.google.com/  page - it's under the title - "Google's Issuing CA certificate" - click on "Google Internet Authority G2"
 
Hi all,
I am having same problem as all above (have been using TheBat for years):
!27-Nov-17, 19:29:03: FETCH - TLS handshake failure. The server host name ("pop.gmail.com") does not match the certificate.
What certificate exactly? Where to get it from? Where exactly to place it? How to install it?

Also, can you suggest correct setting for TB?Just would like to make sure.

Outgoing Mail (SMTP) Server
smtp.gmail.com
Secure to dedicated port (TLS): Yes
Requires Authentication: Yes
Port: 465

Incoming Mail (POP) Server
pop.gmail.com
Secure to dedicated port (TLS): Yes
Port: 993


Using: W7 32
The Bat! Professional Edition
Version 7.4.6 (32-bit)

TIA
 
This works for me:

Send mail:
smtp.googlemail.com
Secure to dedicated port (TLS)
Authentication: Perform SMTP Authentication (RFC 2554) - Same user/password as for mail retrieval
Port: 465

receive mail:
pop.googlemail.com
Secure to dedicated port (TLS): Yes
Authentication: Regular
Port: 995

The Bat! Pro - v7.4.16 (32-bit)
Pages: 1