Super Eudora SSL cert freak-out


kitchin
12-28-2005, 05:40 PM
Eudora 6.2.5.6, using SSL, is popping up a very large dialog box, with this error:

The Server's SSL ceritificate was rejected for the following reason:
One certificate in the server cert chain has Expired.
Do you want to trust this certificate in future sessions?

Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: md5WithRSAEncryption
Issuer: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Server CA/emailAddress=server-certs@thawte.com
Validity
Not Before: Aug 1 00:00:00 1996 GMT
Not After : Dec 31 23:59:59 2020 GMT
Subject: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Server CA/emailAddress=server-certs@thawte.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:TRUE
Signature Algorithm: md5WithRSAEncryption

Clicking "yes" does not help much.
I guess it's time to try Eudora 7, and see if it behaves differently...

Melissa
12-28-2005, 05:59 PM
Hi kitchin,

Thank you so much for bringing this to our attention. Looks like we missed one during renewal time...:shocked:. But we are working on it right now.

Thanks again.

Melissa
12-28-2005, 06:29 PM
Should be all fixed up now. :yeah:

kitchin
12-28-2005, 06:45 PM
Thanks! I upgraded to Eudora 7 and the "yes" button now works too! :)

kitchin
01-02-2006, 02:24 PM
Eudora is still complaining, on a fresh install of the latest version in a clean directory (7.0.1.0). The override works now, though. Here is the new complaint:

The Server's SSL certificate was rejected for the following reason:
Certificate Error: Cert Chain not trusted.
Do you want to trust this certificate in future sessions?

Certificate:
Data:
Version: 3 (0x2)
Serial Number:
6b:1f:9d:c8:06:ab:e7:a5:4a:93:64:b5:37:48:a5:f2
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, O=DigiCert Inc., CN=DigiCert Security Services CA
Validity
Not Before: Dec 26 00:00:00 2005 GMT
Not After : Feb 23 23:59:59 2009 GMT
Subject: C=US/2.5.4.17=32762-3127, ST=Florida, L=Oviedo/2.5.4.9=PO Box 623127, O=FutureQuest, Inc., OU=Internet Security Division, OU=Hosted by DigiCert, Inc., OU=PlatinumSSL, CN=secure.futurequest.net
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Authority Key Identifier:
keyid:30:54:E1:40:63:1B:20:98:57:72:30:3F:62:4B:08:2F:53:87:3D:08

X509v3 Subject Key Identifier:
B9:01:E1:41:3D:A4:91:77:80:01:00:11:D5:54:00:99:05:20:19:35
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
Netscape Cert Type:
SSL Client, SSL Server
X509v3 Certificate Policies:
Policy: 1.3.6.1.4.1.6449.1.2.2.6
CPS: http://www.digicert.com/ssl-cps-repository.htm

X509v3 CRL Distribution Points:
URI:http://crl.digicert.com/DigiCertSecurityServicesCA_2.crl
URI:http://crl2.digicert.com/DigiCertSecurityServicesCA_2.crl

Signature Algorithm: sha1WithRSAEncryption


More info in the status window:

SSL Negotiation Failed: Certificate Error: Cert Chain not trusted. Certificate bad: Destination Host name does not match host name in certificate. But ignoring this error because Certificate is trusted. The connection with the server has been lost. Cause: (206)

The error message seems confused itself. It's not ignored.

Terra
01-02-2006, 06:26 PM
Kitchin, please test it again, the problem should now be resolved...

The problem was that the new CERT requires an intermediate chain CERT and that was not included in the core CERT bundle for Secure POP3...

--
Terra
sysAdmin
FutureQuest
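
Added example, not part of the original thread and not FutureQuest's configuration: a simplified model of the client-side check behind "Cert Chain not trusted", showing why the same leaf certificate fails when the server bundle omits the intermediate and passes once it is included. The root name, the intermediate's validity dates and the function `check_chain` are assumptions; matching is by name only, whereas a real client also verifies signatures.

```python
from datetime import datetime, timezone

UTC = timezone.utc
# Constructed sample data. The leaf's subject CN, issuer CN and validity are
# taken from the dump in the thread; the root name and the intermediate's
# validity dates are placeholders.
LEAF = {
    "subject": "secure.futurequest.net",
    "issuer": "DigiCert Security Services CA",
    "not_before": datetime(2005, 12, 26, tzinfo=UTC),
    "not_after": datetime(2009, 2, 23, 23, 59, 59, tzinfo=UTC),
}
INTERMEDIATE = {
    "subject": "DigiCert Security Services CA",
    "issuer": "Example Root CA (placeholder)",
    "not_before": datetime(2000, 1, 1, tzinfo=UTC),
    "not_after": datetime(2010, 1, 1, tzinfo=UTC),
}
TRUSTED_ROOTS = {"Example Root CA (placeholder)"}  # client's local trust store


def check_chain(presented, trusted_roots, now):
    """Walk from the leaf (presented[0]) to a trusted root by issuer name.

    Returns (ok, reason). Name matching only: no signature, key identifier,
    host name or revocation checks.
    """
    extras = {c["subject"]: c for c in presented[1:]}  # certs sent after the leaf
    cert, visited = presented[0], set()
    while True:
        if not cert["not_before"] <= now <= cert["not_after"]:
            return False, "outside validity period: " + cert["subject"]
        if cert["issuer"] in trusted_roots:
            return True, "chains to trusted root: " + cert["issuer"]
        visited.add(cert["subject"])
        parent = extras.get(cert["issuer"])
        if parent is None or parent["subject"] in visited:
            return False, "chain not trusted: no issuer cert for " + cert["subject"]
        cert = parent


if __name__ == "__main__":
    now = datetime(2006, 1, 2, tzinfo=UTC)
    print(check_chain([LEAF], TRUSTED_ROOTS, now))                # bundle without intermediate
    print(check_chain([LEAF, INTERMEDIATE], TRUSTED_ROOTS, now))  # corrected bundle
```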

kitchin
01-02-2006, 06:38 PM
Xclnt, no more warnings. Thanks...