Menu
Reply
  • 99
  • 0
  • 0
piccalilli
Joining in
649 Views
Message 1 of 11
Flag for a moderator

SSL Certificate changed

Screenshot_2017-03-24_11-07-45.png

Is this legit? I am assuming this has to do with the recent server changes. I am still on the old settings.

0 Kudos
Reply

Helpful Answers
  • 13.66K
  • 720
  • 4.73K
Superuser
Superuser
1,160 Views
Message 4 of 11
Flag for a moderator
Helpful Answer

Re: SSL Certificate changed

@用心棒  Why should the date match?  It's a different certificate.

Ditto for the Fingerprint.

If you look at the date on the original certificate, you can see why the certificate has been changed.  It's because the old one is due to expire on 29th March.

That said the new certificate, while seemingly valid, does have an issue, after checking I've also determined that this issue applies to other new certificates as well.

The Old certificates Identified Virgin Media 

 

subject=/C=GB/OU=Domain Control Validated/CN=imap.blueyonder.co.uk
issuer=/C=BE/O=GlobalSign nv-sa/CN=AlphaSSL CA - SHA256 - G2

@ModTeam Can you ask someone to look at all the new certificates they've been generating?  IMHO those certificate requests shouldn't have been accepted by AlphaSSL Smiley Sad

 

@piccalilli The certificate change is not related to the server settings change itself.  What is happening is that Virgin Media want everyone to move over to 

imap.virginmedia.com or
pop3.virginmedia.com (as appropriate)

and smtp.virginmedia.com

The old servers are still running in parallel for now but will be switched off at some point in the future.  So I would recommend changing over to the new server settings.  Remember also that the username is now the FULL email address e.g. joebloggs@blueyonder.co.uk - Ports and SSL are the same settings you have already.

Tim

________________________________________


Only use Helpful answer if your problems been solved.


All Replies
  • 1.43K
  • 154
  • 458
Superuser
Superuser
623 Views
Message 2 of 11
Flag for a moderator

Re: SSL Certificate changed

There has been a certificate change but the status information shown for the new certificate is wrong, for example,  the the expires on date does not match the end date shown toward the bottom of this thread posted here, IMAP email certificates invalid; also more importantly the fingerprint does not match that of the certificate. What software generated the SSL certificate changed information shown?

0 Kudos
Reply
  • 99
  • 0
  • 0
piccalilli
Joining in
600 Views
Message 3 of 11
Flag for a moderator

Re: SSL Certificate changed

Claws Mail 3.13.2 on Ubuntu 16.04.

0 Kudos
Reply
  • 13.66K
  • 720
  • 4.73K
Superuser
Superuser
1,161 Views
Message 4 of 11
Flag for a moderator
Helpful Answer

Re: SSL Certificate changed

@用心棒  Why should the date match?  It's a different certificate.

Ditto for the Fingerprint.

If you look at the date on the original certificate, you can see why the certificate has been changed.  It's because the old one is due to expire on 29th March.

That said the new certificate, while seemingly valid, does have an issue, after checking I've also determined that this issue applies to other new certificates as well.

The Old certificates Identified Virgin Media 

 

subject=/C=GB/OU=Domain Control Validated/CN=imap.blueyonder.co.uk
issuer=/C=BE/O=GlobalSign nv-sa/CN=AlphaSSL CA - SHA256 - G2

@ModTeam Can you ask someone to look at all the new certificates they've been generating?  IMHO those certificate requests shouldn't have been accepted by AlphaSSL Smiley Sad

 

@piccalilli The certificate change is not related to the server settings change itself.  What is happening is that Virgin Media want everyone to move over to 

imap.virginmedia.com or
pop3.virginmedia.com (as appropriate)

and smtp.virginmedia.com

The old servers are still running in parallel for now but will be switched off at some point in the future.  So I would recommend changing over to the new server settings.  Remember also that the username is now the FULL email address e.g. joebloggs@blueyonder.co.uk - Ports and SSL are the same settings you have already.

Tim

________________________________________


Only use Helpful answer if your problems been solved.

  • 1.43K
  • 154
  • 458
Superuser
Superuser
566 Views
Message 5 of 11
Flag for a moderator

Re: SSL Certificate changed


ravenstar68 wrote:

@用心棒  Why should the date match?  It's a different certificate.

Ditto for the Fingerprint.

Tim


The new certificate status details:

2017-03-25-00.jpeg

Which does not match the end date and (sha1) fingerprint reported through openssl:

issuer= /C=BE/O=GlobalSign nv-sa/CN=AlphaSSL CA - SHA256 - G2
subject= /C=GB/OU=Domain Control Validated/CN=imap.virginmedia.com
notAfter=Feb 16 08:11:17 2019 GMT
SHA1 Fingerprint=**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:9B:7E

 BTW, fingerprint quoted above was automatically redacted on posting but remaining parts still illustrates the issue.

0 Kudos
Reply
  • 13.66K
  • 720
  • 4.73K
Superuser
Superuser
548 Views
Message 6 of 11
Flag for a moderator

Re: SSL Certificate changed

Look at the CN names

The one you are referring to is a different certificate.

The one the OP is referring to - CN = imap.blueyonder.co.uk
The SSL certificate in the OpenSSL extract  CN = imap.virginmedia.com

Tim

________________________________________


Only use Helpful answer if your problems been solved.

0 Kudos
Reply
  • 1.43K
  • 154
  • 458
Superuser
Superuser
533 Views
Message 7 of 11
Flag for a moderator

Re: SSL Certificate changed

Oops, you are correct, my mistake. No idea why I tunnel vision(ed) on the wrong domain but thanks for the clarity.

0 Kudos
Reply
  • 1.43K
  • 154
  • 458
Superuser
Superuser
526 Views
Message 8 of 11
Flag for a moderator

Re: SSL Certificate changed

Are you able to match the fingerprint to @piccalilli screenshot; I am still getting a mismatch?

issuer= /C=BE/O=GlobalSign nv-sa/CN=AlphaSSL CA - SHA256 - G2
subject= /C=GB/OU=Domain Control Validated/CN=imap.blueyonder.co.uk
notAfter=Mar 25 10:57:57 2019 GMT
SHA1 Fingerprint=**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:AA:8B
0 Kudos
Reply
  • 13.66K
  • 720
  • 4.73K
Superuser
Superuser
513 Views
Message 9 of 11
Flag for a moderator

Re: SSL Certificate changed

The OP is looking at imap4.blueyonder.co.uk rather than imap.blueyonder.co.uk

Checking the certificate on my PC the two Fingerprints agree.

Checking imap.blueyonder.co.uk I get the same fingerprint as you.

Tim

________________________________________


Only use Helpful answer if your problems been solved.

  • 6
  • 1
  • 1
JackLN
Tuning in
471 Views
Message 10 of 11
Flag for a moderator

Re: SSL Certificate changed

The new certificates are "Domain Control Validated" but I don't see why this would be an issue.

You can't inspect the certificate in your email client anyway (Claws might be the exception).
0 Kudos
Reply