martiColor outside the lines MVM join:2001-12-14 Houston, TX |
marti
MVM
2012-Dec-16 9:28 pm
[mail] Can't get mail via GmailI have had my DSLR account set to be checked through my on-line Gmail account. It has worked for years. The past few days it is not working. Error message :
SSL Security Error. Server returned error "SSL error: certificate has expired"
I do not have a email client set up on any of my computers, therefore I depend on the DSLR to Gmail interface. |
|
|
Re: Can't get mail via GmailI just checked mail:
"fetchmail: Server certificate verification error: certificate has expired"
In my case it still works, because I did not tell "fetchmail" to verify the certificate. (I'm using APOP authentication, so I don't really need a secure connection).
In any case, gmail is correct - the certificate has expired.
1: Can somebody at dslr provide a new certificate; 2: If using a locally signed certificate, can the signing CA certificate be made available somewhere so that we can download and locally install.
Thanks. |
|
nil
join:2000-11-27 |
to marti
I generated a new certificate, try again. |
|
martiColor outside the lines MVM join:2001-12-14 Houston, TX |
marti
MVM
2012-Dec-17 10:17 am
Thanks nil, but I still get the same error message. |
|
nil
join:2000-11-27 |
Unfortunately, it appears that, without any warning, google changed its policy on self-signed certificates. I'll see if we can get a non-self signed one for mail, but in the meantime, this change means the only way to get email via gmail from us is to not use ssl. » productforums.google.com ··· scussion |
|
|
to nil
said by nil:I generated a new certificate, try again. Thanks. It is no longer reported as expired, though it is reported as self-signed (which is not a problem for me). |
|
martiColor outside the lines MVM join:2001-12-14 Houston, TX |
marti
MVM
2012-Dec-17 12:03 pm
nil,
I fixed it: removed SSL requirement and changed server from 995 to 110. Good enough for now. |
|
|
This is where google might be making a mistake.
Using port 995 with a self-signed certificate is more secure than using port 110. |
|
martiColor outside the lines MVM join:2001-12-14 Houston, TX |
marti
MVM
2012-Dec-17 2:01 pm
Yes, but it was the only way I can get my DSLR mail! |
|
|
said by marti:Yes, but it was the only way I can get my DSLR mail! I was not criticizing you. Google seems to be saying that because self-signed certificates are not completely safe, they will force users to do something even more unsafe. I'm not a gmail user. You might check if they at least use APOP authentication, which is safer than a plain text authentication. |
|
nil
join:2000-11-27 |
Agreed, I think it's a stupid decision. If a user trusts the certificate, it should be good enough for google. |
|
3 edits |
to marti
I was having the same difficulty retrieving DSLR mail from with zoho mail (mail.zoho.com). I switched to zoho a while back when I perceived that Google started behaving in, IMHO, a less-than-benevolant manner. I wrote zoho a comment about it, and they now appear to have fixed it and I am now able to retrieve my DSLR mail using SSL/995. This really helps as I really didn't want my DSLR password being transmitted in clear text around the Internet.
So there's one place you could aggregate your mail including DSLR, if you like zoho's interface -- less minimalist than Google, and more (again, IMHO) like DSLR in that features are shown not deliberately obscured, which I like.
I've been using zoho for a while now, and could answer some questions about it if anyone's interested. (There's a whole office suite there too, BTW, and I have not used all of it, or even most of it - it's pretty extensive and there's more than just mail and a word processor.)
Hope this is helpful. |
|
|