Virgin Media
My Virgin Media
Mobile Your Account
Following on from my last message, I wondered whether the issue had something to do with my AVG anti virus software. I disable this, and now the certificate reads as below, the issue has not been resolved.
Would anyone be willing to send me a copy of the certificate that they are seeing?
When viewing the certificate if you go to the details tab you can click Copy to file:
This will open the Certificate export wizard.
Select the PKCS # 7 and Include all certificates in certificate path if possible
In order to help me differentiate between certificates use your username as the filename. I also recommend using browse and putting the certificate somewhere where you know you can get at it. For example I created a folder called TLSCap in the Documents folder
Once you've done this drop me a PM and I'll let you know what email address to send to.
In order to keep YOUR email addresses private I recommend sending to me using Guerilla Mail which will allow you to send with a temporary email address.
https://www.guerrillamail.com/compose
Note: I'm not affiliated with Guerrilla mail. I just don't want to be able to link your usernames and real email addresses together.
Tim
Thanks for the email. When I opened up the certificate from yourself, here's what I got:
So we have the same certificate responding differently on two different machines. Which tells me the certificate itself is not at fault 😞
I've also done a check that rules out a missing root certificate in the Windows Trusted Root CA store. Which is a pity as that would be an easy fix.
Can you go to your extracted certificate and use the same method as above but output the certificate in .cer format.
Then click file manager and using the Quick access list Right click the .cer file and select open file location.
This will open up the directory that the file is in.
Now click File and Open Powershell then pick Open Powershell (DON'T use the admin option here)
A Powershell Window will open - Type in the following command
certutil -verify dizzycert.cer > dizzy.log
Change the filenames as appropriate..
What this does is run the certutil command BUT instead of writing the output to the screen it sends the output to the file dizzy.log After which you can ope the log file and copy the output into a post here:
Issuer:
CN=GlobalSign GCC R3 DV TLS CA 2020
O=GlobalSign nv-sa
C=BE
Name Hash(sha1): 2828e1c94506c213edc35eac058b3b41c4b61d87
Name Hash(md5): 8e185a58f984f5c12197823dc4e41b89
Subject:
CN=email.virginmedia.com
Name Hash(sha1): b4b01dff65fd21acd9c3bce4c7e2963284cb97d4
Name Hash(md5): bb75293537b7826f71dcc0816e2f43b0
Cert Serial Number: 7e1d18d21781c674b0358991
dwFlags = CA_VERIFY_FLAGS_CONSOLE_TRACE (0x20000000)
dwFlags = CA_VERIFY_FLAGS_DUMP_CHAIN (0x40000000)
ChainFlags = CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT (0x40000000)
HCCE_LOCAL_MACHINE
CERT_CHAIN_POLICY_BASE
-------- CERT_CHAIN_CONTEXT --------
ChainContext.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
ChainContext.dwRevocationFreshnessTime: 3 Hours, 55 Minutes, 20 Seconds
SimpleChain.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
SimpleChain.dwRevocationFreshnessTime: 3 Hours, 55 Minutes, 20 Seconds
CertContext[0][0]: dwInfoStatus=102 dwErrorStatus=0
Issuer: CN=GlobalSign GCC R3 DV TLS CA 2020, O=GlobalSign nv-sa, C=BE
NotBefore: 01/10/2020 09:00
NotAfter: 02/11/2021 09:00
Subject: CN=email.virginmedia.com
Serial: 7e1d18d21781c674b0358991
SubjectAltName: DNS Name=email.virginmedia.com, DNS Name=webmail.virginmedia.com, DNS Name=mail.virginmedia.com, DNS Name=mail2.virginmedia.com, DNS Name=mail3.virginmedia.com, DNS Name=pop.virginmedia.com, DNS Name=pop3.virginmedia.com, DNS Name=imap.virginmedia.com, DNS Name=imap4.virginmedia.com, DNS Name=smtp.virginmedia.com, DNS Name=autoconfig.virginmedia.com, DNS Name=autodiscover.virginmedia.com
Cert: c05e21fa19ebc1efa3677d8e5f92d75b8b3e6be1
Element.dwInfoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER (0x2)
Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
CRL (null):
Issuer: CN=GlobalSign GCC R3 DV TLS CA 2020 - OCSP Responder, O=GlobalSign nv-sa, C=BE
ThisUpdate: 24/02/2021 09:58
NextUpdate: 28/02/2021 09:58
CRL: 3ad0b88894e93edbb0748836cc1e7c2beb2c4fb5
Issuance[0] = 1.3.6.1.4.1.4146.1.10
Issuance[1] = 2.23.140.1.2.1
Application[0] = 1.3.6.1.5.5.7.3.1 Server Authentication
Application[1] = 1.3.6.1.5.5.7.3.2 Client Authentication
CertContext[0][1]: dwInfoStatus=102 dwErrorStatus=0
Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3
NotBefore: 28/07/2020 00:00
NotAfter: 18/03/2029 00:00
Subject: CN=GlobalSign GCC R3 DV TLS CA 2020, O=GlobalSign nv-sa, C=BE
Serial: 77bd0e0742d5d9e9d049d774d02a6f9a
Cert: 1c610a0a87d492f48322c2afd3be9b6ad36b6bee
Element.dwInfoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER (0x2)
Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
CRL (null):
Issuer: CN=GlobalSign OCSP for Root R3 - Signer 1.2, O=GlobalSign nv-sa, C=BE
ThisUpdate: 24/02/2021 09:12
NextUpdate: 28/02/2021 09:12
CRL: 622035073537b9d82cfc88ffbe01ed173159c70d
Application[0] = 1.3.6.1.5.5.7.3.1 Server Authentication
Application[1] = 1.3.6.1.5.5.7.3.2 Client Authentication
CertContext[0][2]: dwInfoStatus=10c dwErrorStatus=0
Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3
NotBefore: 18/03/2009 10:00
NotAfter: 18/03/2029 10:00
Subject: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3
Serial: 04000000000121585308a2
Cert: d69b561148f01c77c54578c10926df5b856976ad
Element.dwInfoStatus = CERT_TRUST_HAS_NAME_MATCH_ISSUER (0x4)
Element.dwInfoStatus = CERT_TRUST_IS_SELF_SIGNED (0x8)
Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
Exclude leaf cert:
Chain: da186fe71862a8f9fc4e5f6fd9b2ed4acc99218b
Full chain:
Chain: 8407c3009c9b96467892aca39ca5e18aa1862c6f
------------------------------------
Verified Issuance Policies:
1.3.6.1.4.1.4146.1.10
2.23.140.1.2.1
Verified Application Policies:
1.3.6.1.5.5.7.3.1 Server Authentication
1.3.6.1.5.5.7.3.2 Client Authentication
Cert is an End Entity certificate
Leaf certificate revocation check passed
CertUtil: -verify command completed successfully.
Alternatively email me the log file to the gmail address I gave you.
Tim
