I'm using Mozilla Firefox. I've not changed anything for years but now cannot download emails because "the certificate is not trusted because it hasn't been verified as issued by a trusted authority using a secure signature" and "Legitimate banks, stores and other public sites will not ask you to do this". The location it refers to is Imap.virginmedia.com:993 which is the server setting and port in my account details. The certificate itself was issued in October 2020 and continues until November 2021. Any ideas on how to sort this out would be very welcome.
May I suggest you make sure your internet browser is on the latest version. If this didn’t change anything please try it on a different browser. If it works on the other browser then it must be something to do with Mozilla Firefox.
I don't believe this is anything to do with OS or browser, it happens on android ,windows, linux and is a little bit annoying. Seemed to start yesterday 15/02 for me. Webmail access will work. All IMAP clients I've used, complain about the certificate.
I believe it's a TLS certificate verification problem. To be fair, it may not be fully VMs fault and the problem may lie @ the certificate issuing authority GlobalSign (......unless VM have made some changes to email access that they haven't publicised very well???)
If anybody technical @ VM actually reads this stuff, this may help:
openssl s_client -connect imap.virginmedia.com:993 -servername imap.virginmedia.com CONNECTED(00000003) depth=0 CN = email.virginmedia.com verify error:num=20:unable to get local issuer certificate verify return:1 depth=0 CN = email.virginmedia.com verify error:num=21:unable to verify the first certificate verify return:1 depth=0 CN = email.virginmedia.com verify return:1 --- Certificate chain 0 s:CN = email.virginmedia.com i:C = BE, O = GlobalSign nv-sa, CN = GlobalSign GCC R3 DV TLS CA 2020 --- Server certificate -----BEGIN CERTIFICATE----- blah, blah, certificate (certificate removed in forum post for readability) -----END CERTIFICATE----- subject=CN = email.virginmedia.com
issuer=C = BE, O = GlobalSign nv-sa, CN = GlobalSign GCC R3 DV TLS CA 2020
--- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA Server Temp Key: ECDH, P-521, 521 bits --- SSL handshake has read 2341 bytes and written 506 bytes Verification error: unable to verify the first certificate --- New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384 Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-RSA-AES256-GCM-SHA384 Session-ID: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX Session-ID-ctx: Master-Key: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX PSK identity: None PSK identity hint: None SRP username: None Start Time: 1613459843 Timeout : 7200 (sec) Verify return code: 21 (unable to verify the first certificate) Extended master secret: no --- * OK Virgin Media IMAP4 server ready [ e4c558782VM ].
I would call VM support, but life's too short to go through the usual list of trivial questions the first line support people are forced to ask, to cover all levels of VM customer IT competence.
I was just about to send a bug report for the app I use to access email - Aqua Mail, as none of my ntlworld email accounts would sync again today. I thought I'd check up on the forum here first. Glad I did.
I noticed my Virgin emails weren't syncing yesterday. However, after I entered the Manage account settings in-app, I clicked on Account setup / left the name & password as-is / clicked "next" (Servers checked and passed) / left name & account name as-is / saved. This appeared to have fixed it - messages synced all day as expected again. However, after restarting both my phone (Xiaomi Mi 9T), my tablet (Samsung Galaxy Tab S4) and my wife's tablet (Samsung Galaxy Tab S4) today - all failed to sync any ntlworld / virgin accounts. Gmail account works fine and has done throughout this issue.
The brief popup error message(s) reads -
"Error checking mail. Invalid security (SSL) certificate. Java.security.cert.CertPathValidatorException. Trust anchor for certification path not found."
Refreshing each account's settings without changing anything seems to temporarily fix the issue. That's 3 different devices with sync issues on 3 different ntlworld / virgin accounts.