Jump to content

pop.spamcop.net with SSL (port 995), certificate problem?


Recommended Posts

I've been using my spamcop e-mail account for many years now, I really like it a lot! To retrieve my e-mail I've been using the pop.spamcop.net server and about 6 months ago or so I set it to use SSL to connect to that server (using port 995). This has always been working great.

Since a few days, however, my e-mail client (Mozilla Thunderbird 2.0.0.17) is giving me warnings about issues with the SSL certificate for pop.spamcop.net. Is this a known issue, or should I change anything on my end?

Thanks,

Ronald

Link to comment
Share on other sites

It looks like about 1 year ago (in September, however), there were also problems with an expired certificate. I am not a client of the email system so I don't know how you would go about sending in a trouble ticket - copied from another topic about other problems with pop servers "have you tried the "Problem" button within SpamCop's Webmail screen? That it the best way recently to get support for the Webmail system." OTOH, an expired certificate should not prevent the email system from working, I understand. If no one else chimes in, then maybe it would be worthwhile to check and make sure nothing has changed on your end.

Miss Betsy

Link to comment
Share on other sites

Use "mail.spamcop.net" instead of "pop" and your problem should disappear. The security cert is for "mail" -- not for "pop" and doesn't expire until April 2009.

I'm getting the same problem, with OS X Mail. Changing to "mail.spamcop.net" doesn't help; it still uses the certificate issued to "pop.spamcop.net".

The error isn't expiry. The error is that there is no root certificate. It says:

pop.spamcop.net

Issued by Go Daddy Secure Certification Authority

Expires: Tuesday, September 28, 2010 3:04:08 PM US/Central

This certificate was signed by an unknown authority

I checked the keychain, and the only Go Daddy certificate is a different one, for "Go Daddy Class 2 Certification Authority".

Link to comment
Share on other sites

I just tested using Thunderbird (2.0.0.0), using both server names (I was examining the certs using HTTPS connections previously). When I used "mail.spamcop.net" and SSL, I got the mismatch error, and saw that it was a GoDaddy cert for "pop," so I switched to "pop.spamcop.net" with SSL and grabbed my messages without an error. My Pegasus client wasn't so picky...it did SSL popping using either hostname without complaining.

I'll try updating my Thunderbird and see if that makes any difference.

[on edit] I updated to 2.0.0.17, restarted Thunderbird and it's happy doing an SSL pop on port 995 of pop.spamcop.net, but if anyone's experience is different than that, they should use the "Problem" report funtion in webmail.

DT

Edited by DavidT
Link to comment
Share on other sites

  • 2 years later...

Is anyone else seeing this?

Somehow the SSL certificate for imap.spamcop.net has expired and been replaced with a very old certificate. The certificate I'm seeing via Outlook is a GoDaddy certificate valid from ‎Friday, ‎September ‎28, ‎2007 1:03:19 PM to ‎Tuesday, ‎September ‎28, ‎2010 1:03:19 PM.

I'm not sure what's going on there. It seems odd that such an old certificate is being used, never mind the fact that it's somehow been reinstalled some 8 months after it expired.

[Edit by turetzsr: moved from original Forum topic 11780]

Link to comment
Share on other sites

Is anyone else seeing this?

Somehow the SSL certificate for imap.spamcop.net has expired and been replaced with a very old certificate. The certificate I'm seeing via Outlook is a GoDaddy certificate valid from ‎Friday, ‎September ‎28, ‎2007 1:03:19 PM to ‎Tuesday, ‎September ‎28, ‎2010 1:03:19 PM.

I'm not sure what's going on there. It seems odd that such an old certificate is being used, never mind the fact that it's somehow been reinstalled some 8 months after it expired.

[Edit by turetzsr: moved from original Forum topic 11780]

I am seeing an old certificate also.

Cameron:Desktop edt$ openssl x509 -inform der -in imap.spamcop.net.cer -noout -text

Certificate:

Data:

Version: 3 (0x2)

Serial Number: 4275701 (0x413df5)

Signature Algorithm: sha1WithRSAEncryption

Issuer: C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http://certificates.godaddy.com/repository, CN=Go Daddy Secure Certification Authority/serialNumber=07969287

Validity

Not Before: Sep 28 20:03:19 2007 GMT

Not After : Sep 28 20:03:19 2010 GMT

Subject: O=imap.spamcop.net, OU=Domain Control Validated, CN=imap.spamcop.net

Subject Public Key Info:

Public Key Algorithm: rsaEncryption

Public-Key: (1024 bit)

Modulus:

00:9a:77:06:d6:99:69:38:57:b9:08:d3:68:f3:1c:

3e:d7:d6:dc:cf:e8:9f:b2:7f:fc:a5:b8:1a:85:50:

84:6a:56:bb:c7:e8:98:4a:0c:94:b0:8f:b5:2d:9f:

5f:20:9b:a5:15:e0:b9:50:cd:5b:91:44:6c:2c:8b:

ae:a8:d5:3a:d0:4b:44:99:d0:1d:8a:82:71:e3:33:

40:c2:a6:a2:a6:8b:61:26:a6:b1:60:2d:a2:1c:86:

7d:8f:91:00:59:42:5f:c2:96:20:1b:ee:13:a5:62:

af:f9:49:4b:dc:6c:3a:e3:dc:40:54:36:3c:da:07:

cb:2c:1e:cc:42:f1:60:df:7b

Exponent: 65537 (0x10001)

X509v3 extensions:

X509v3 Basic Constraints:

CA:FALSE

X509v3 Key Usage:

Digital Signature, Key Encipherment

X509v3 Extended Key Usage:

TLS Web Server Authentication, TLS Web Client Authentication

X509v3 CRL Distribution Points:

Full Name:

URI:http://certificates.godaddy.com/repository/godaddyextendedissuing.crl

X509v3 Certificate Policies:

Policy: 2.16.840.1.114413.1.7.23.1

CPS: http://certificates.godaddy.com/repository

Authority Information Access:

OCSP - URI:http://ocsp.godaddy.com

CA Issuers - URI:http://certificates.godaddy.com/repository/gd_intermediate.crt

X509v3 Subject Key Identifier:

36:04:3F:74:DB:CC:7F:D1:69:57:2C:E4:FB:95:57:07:A3:F8:6D:68

X509v3 Authority Key Identifier:

keyid:FD:AC:61:32:93:6C:45:D6:E2:EE:85:5F:9A:BA:E7:76:99:68:CC:E7

X509v3 Subject Alternative Name:

DNS:imap.spamcop.net, DNS:www.imap.spamcop.net

Signature Algorithm: sha1WithRSAEncryption

31:a7:4b:47:ca:b5:24:24:d6:f8:26:ee:53:63:6e:e4:60:11:

0c:0f:58:65:29:91:d9:ea:37:86:d7:66:18:3c:bd:3d:1d:d6:

0d:90:c4:01:7b:a2:d8:d5:f4:9a:3c:a5:e2:b0:62:99:6e:3f:

aa:88:51:ec:d0:dc:ec:9b:5e:c7:3e:0e:69:19:08:5e:21:05:

c4:dc:bc:a8:2c:03:45:b7:ce:d2:2a:b6:70:14:99:88:45:3a:

39:a7:68:1d:80:38:20:5c:62:d0:7d:c7:dc:70:a7:92:3e:ca:

37:11:23:f7:bf:db:b4:8c:ea:a8:56:ff:ad:b6:27:0b:61:46:

28:2d:2e:1e:9a:2b:22:0f:d8:d6:39:88:57:b8:e4:95:d2:4e:

b0:c3:91:09:fc:ce:fe:af:89:23:4d:0c:f6:96:3c:b8:e3:9b:

09:d1:6c:87:fe:fb:5c:8f:3e:c1:98:ba:42:b1:60:e2:78:e3:

21:be:34:a0:5e:b5:1b:b8:fa:f6:af:be:3f:07:7d:f3:16:17:

39:f4:37:c4:bb:8e:1c:b7:df:67:6d:b3:79:14:02:c5:d7:24:

58:9f:11:53:57:63:5f:72:d1:d9:53:56:7a:dc:08:d3:ca:c2:

4e:df:51:d0:ef:15:38:d0:34:cd:4f:e2:1f:2f:eb:e8:4e:4c:

68:26:a0:1b

Cameron:Desktop edt$

Link to comment
Share on other sites

Is anyone else seeing this?

Somehow the SSL certificate for imap.spamcop.net has expired and been replaced with a very old certificate. The certificate I'm seeing via Outlook is a GoDaddy certificate valid from ‎Friday, ‎September ‎28, ‎2007 1:03:19 PM to ‎Tuesday, ‎September ‎28, ‎2010 1:03:19 PM.

Yeah, saw it an hour or so ago. Fired off a note to JT/Support.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...