http://www.ritlabs.com New posts in TheBat Voyager and Sectigo AddTrust External CA Root certificate issue of forum at www.ritlabs.com [www.ritlabs.com] en http://backend.userland.com/rss2 Tue, 23 Jun 2020 00:03:02 +0300 TheBat Voyager and Sectigo AddTrust External CA Root certificate issue expired certificate issue in forum The Bat! - Configuring the E-mail Client.
Thank You very much. S/MIME and TLS option worked. But can i somehow fill the inner base of TB with these certificates from crt files?
When i try to do import crt in address book TB displays that there is nothing to import. I can manually add new entries and attach certificates to it, but even if they are in address book, I still can't fetch mails - error is the same.

EDIT:
Don't know if i made it correctly but for
Główny: "SE", "AddTrust AB", "AddTrust External TTP Network", "AddTrust External CA Root" - i have attached updated AAA Sectiago certificate (without removing the old one), and for Wystawca: "US", "New Jersey", "Jersey City", "The USERTRUST Network", "USERTrust RSA Certification Authority" i have attached USERTrustRSAAAACA. Now TB is able to fetch mails.
23 June 2020 00:03:02, Krzysztof Jachowicz.]]> http://www.ritlabs.com/en/forums/forum4/topic14833/message49999/ http://www.ritlabs.com/en/forums/forum4/topic14833/message49999/ Tue, 23 Jun 2020 00:03:02 +0300 The Bat! - Configuring the E-mail Client TheBat Voyager and Sectigo AddTrust External CA Root certificate issue expired certificate issue in forum The Bat! - Configuring the E-mail Client.

====quote====
I have installed new set of Sectigo AAA cross certificates in Windows 7:
=============

The Bat / Voyager, by default, use their own certificate store. The certificates are stored in the Address Book, where you can import certificates too (in the address book, use View | Certificate Address Books to see them).

Certificates stored in Windows itself will only be used if you go to Options | S/MIME and TLS and choose to use the Microsoft CryptoAPI instead of The Bat's own certificate store.


====quote====
TheBat is still trying to go by old "AddTrust External CA Root" and "USERTrust RSA Certification Authority" even if i have removed them from system.
Is TheBat unable to take alternative chain path? Is it TheBat fault, or mail provider fault for pointing such chain to verify?
=============

The certificate itself dictates against which higher-level certificate it must be verified. If that parent certificate is missing, or has expired, nothing can be done.
22 June 2020 20:11:23, Daniel van Rooijen.]]> http://www.ritlabs.com/en/forums/forum4/topic14833/message49997/ http://www.ritlabs.com/en/forums/forum4/topic14833/message49997/ Mon, 22 Jun 2020 20:11:23 +0300 The Bat! - Configuring the E-mail Client TheBat Voyager and Sectigo AddTrust External CA Root certificate issue expired certificate issue in forum The Bat! - Configuring the E-mail Client.
Hello. I can't check mails by TLS from one of providers due to expiration of Sectigo AddTrust External CA Root.
I am user of Voyager version 6.8.4.1 (i know it is quite old version but it worked till now without much issues).
The provider certificate is valid till march 2021 but when i try to check for new mails or send mails i get (sorry for local names):

>2020-06-22, 17:14:16: FETCH - Wystawca: "GB", "Greater Manchester", "Salford", "Sectigo Limited", "Sectigo RSA Domain Validation Secure Server CA". Ważny od 2018-11-02 do 2030-12-31 23:59:59.
>2020-06-22, 17:14:16: FETCH - Wystawca: "US", "New Jersey", "Jersey City", "The USERTRUST Network", "USERTrust RSA Certification Authority". Ważny od 2000-05-30 10:48:38 do 2020-05-30 10:48:38.
>2020-06-22, 17:14:16: FETCH - Główny: "SE", "AddTrust AB", "AddTrust External TTP Network", "AddTrust External CA Root" Ważny od 2000-05-30 10:48:38 do 2020-05-30 10:48:38. Ten certyfikat wygasł!
!2020-06-22, 17:14:16: FETCH - Błąd fazy potwierdzania TLS: Nieważny certyfikat serwera (Ten certyfikat wygasł).

Steps i took:
I have installed new set of Sectigo AAA cross certificates in Windows 7:
AAACertificateServices.crt, SSLcomDVCA_2.crt, USERTrustRSAAAACA.crt, and removed expired AddTrust External CA Root and USERTrust RSA Certification Authority.
It didn't change the outcome.
Then i removed RootCA.EBD and IntermCA.EBD as some forum user suggested and the outcome is now:

>2020-06-22, 17:22:18: FETCH - Wystawca: "GB", "Greater Manchester", "Salford", "Sectigo Limited", "Sectigo RSA Domain Validation Secure Server CA". Ważny od 2018-11-02 do 2030-12-31 23:59:59.
>2020-06-22, 17:22:18: FETCH - Wystawca: "US", "New Jersey", "Jersey City", "The USERTRUST Network", "USERTrust RSA Certification Authority". Ważny od 2000-05-30 10:48:38 do 2020-05-30 10:48:38. Ten certyfikat wygasł!
>2020-06-22, 17:22:18: FETCH - Brak wydawcy: "SE", "AddTrust AB", "AddTrust External TTP Network", "AddTrust External CA Root".
!2020-06-22, 17:22:18: FETCH - Błąd fazy potwierdzania TLS: Nieważny certyfikat serwera (Ten certyfikat wygasł).

TheBat is still trying to go by old "AddTrust External CA Root" and "USERTrust RSA Certification Authority" even if i have removed them from system.
Is TheBat unable to take alternative chain path? Is it TheBat fault, or mail provider fault for pointing such chain to verify?
22 June 2020 18:42:17, Krzysztof Jachowicz.]]> http://www.ritlabs.com/en/forums/forum4/topic14833/message49994/ http://www.ritlabs.com/en/forums/forum4/topic14833/message49994/ Mon, 22 Jun 2020 18:42:17 +0300 The Bat! - Configuring the E-mail Client