Menu
Reply
ha222
  • 21
  • 0
  • 0
Joining in
249 Views
Message 11 of 18
Flag for a moderator

Re: Emails - Internet Security Warning

This issue seems to be shunted around without VM technical department involvement. Question is why VM certificate fails verification - a highly technical matter!!

0 Kudos
Reply
ravenstar68
  • 18.7K
  • 1.09K
  • 8.06K
Very Insightful Person
Very Insightful Person
227 Views
Message 12 of 18
Flag for a moderator

Re: Emails - Internet Security Warning

Can anyone experiencing this issue please click on View certificate and post a shot of the General page?

Tim

I'm a Very Insightful Person, I'm here to share knowledge, I don't work for Virgin Media. Learn more

Have I helped? Click Mark as Helpful Answer or use Kudos to say thanks

DizzyB
  • 15
  • 0
  • 0
On our wavelength
197 Views
Message 13 of 18
Flag for a moderator

Re: Emails - Internet Security Warning

Thanks Tim, here is what I see

Cert general.png

0 Kudos
Reply
DizzyB
  • 15
  • 0
  • 0
On our wavelength
131 Views
Message 14 of 18
Flag for a moderator

Re: Emails - Internet Security Warning

Following on from my last message, I wondered whether the issue had something to do with my AVG anti virus software. I disable this, and now the certificate reads as below, the issue has not been resolved.

ScreenShot00050.png

0 Kudos
Reply
用心棒
  • 5.64K
  • 634
  • 1.97K
Very Insightful Person
Very Insightful Person
83 Views
Message 15 of 18
Flag for a moderator

Re: Emails - Internet Security Warning

No AVG, or similar software, is not the cause as evident by the result of disabling it.

Which version of Outlook are you running?

0 Kudos
Reply
DizzyB
  • 15
  • 0
  • 0
On our wavelength
74 Views
Message 16 of 18
Flag for a moderator

Re: Emails - Internet Security Warning

2007

0 Kudos
Reply
ravenstar68
  • 18.7K
  • 1.09K
  • 8.06K
Very Insightful Person
Very Insightful Person
63 Views
Message 17 of 18
Flag for a moderator

Re: Emails - Internet Security Warning

Would anyone be willing to send me a copy of the certificate that they are seeing?

When viewing the certificate if you go to the details tab you can click Copy to file:

ravenstar68_0-1614153337097.png

This will open the Certificate export wizard.

ravenstar68_1-1614153471990.png

Select the PKCS # 7 and Include all certificates in certificate path if possible

ravenstar68_2-1614153792931.png

In order to help me differentiate between certificates use your username as the filename.  I also recommend using browse and putting the certificate somewhere where you know you can get at it.  For example I created a folder called TLSCap in the Documents folder

ravenstar68_4-1614154770117.png

ravenstar68_5-1614155405178.png

Once you've done this drop me a PM and I'll let you know what email address to send to.

In order to keep YOUR email addresses private I recommend sending to me using Guerilla Mail which will allow you to send with a temporary email address.

https://www.guerrillamail.com/compose

Note:  I'm not affiliated with Guerrilla mail.  I just don't want to be able to link your usernames and real email addresses together.

Tim

 

 

 

 

I'm a Very Insightful Person, I'm here to share knowledge, I don't work for Virgin Media. Learn more

Have I helped? Click Mark as Helpful Answer or use Kudos to say thanks

0 Kudos
Reply
ravenstar68
  • 18.7K
  • 1.09K
  • 8.06K
Very Insightful Person
Very Insightful Person
36 Views
Message 18 of 18
Flag for a moderator

Re: Emails - Internet Security Warning

@DizzyB 

Thanks for the email.  When I opened up the certificate from yourself, here's what I got:

ravenstar68_0-1614168489002.png

So we have the same certificate responding differently on two different machines.  Which tells me the certificate itself is not at fault 😞

I've also done a check that rules out a missing root certificate in the Windows Trusted Root CA store.  Which is a pity as that would be an easy fix.

Can you go to your extracted certificate and use the same method as above but output the certificate in .cer format.

Then click file manager and using the Quick access list Right click the .cer file and select open file location.

ravenstar68_1-1614171361058.png

 

This will open up the directory that the file is in.

Now click File and Open Powershell then pick Open Powershell (DON'T use the admin option here)

ravenstar68_2-1614171879868.png

A Powershell Window will open - Type in the following command

certutil -verify  dizzycert.cer > dizzy.log

Change the filenames as appropriate..

What this does is run the certutil command BUT instead of writing the output to the screen it sends the output to the file dizzy.log  After which you can ope the log file and copy the output into a post here:

Issuer:
CN=GlobalSign GCC R3 DV TLS CA 2020
O=GlobalSign nv-sa
C=BE
Name Hash(sha1): 2828e1c94506c213edc35eac058b3b41c4b61d87
Name Hash(md5): 8e185a58f984f5c12197823dc4e41b89
Subject:
CN=email.virginmedia.com
Name Hash(sha1): b4b01dff65fd21acd9c3bce4c7e2963284cb97d4
Name Hash(md5): bb75293537b7826f71dcc0816e2f43b0
Cert Serial Number: 7e1d18d21781c674b0358991

dwFlags = CA_VERIFY_FLAGS_CONSOLE_TRACE (0x20000000)
dwFlags = CA_VERIFY_FLAGS_DUMP_CHAIN (0x40000000)
ChainFlags = CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT (0x40000000)
HCCE_LOCAL_MACHINE
CERT_CHAIN_POLICY_BASE
-------- CERT_CHAIN_CONTEXT --------
ChainContext.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
ChainContext.dwRevocationFreshnessTime: 3 Hours, 55 Minutes, 20 Seconds

SimpleChain.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
SimpleChain.dwRevocationFreshnessTime: 3 Hours, 55 Minutes, 20 Seconds

CertContext[0][0]: dwInfoStatus=102 dwErrorStatus=0
Issuer: CN=GlobalSign GCC R3 DV TLS CA 2020, O=GlobalSign nv-sa, C=BE
NotBefore: 01/10/2020 09:00
NotAfter: 02/11/2021 09:00
Subject: CN=email.virginmedia.com
Serial: 7e1d18d21781c674b0358991
SubjectAltName: DNS Name=email.virginmedia.com, DNS Name=webmail.virginmedia.com, DNS Name=mail.virginmedia.com, DNS Name=mail2.virginmedia.com, DNS Name=mail3.virginmedia.com, DNS Name=pop.virginmedia.com, DNS Name=pop3.virginmedia.com, DNS Name=imap.virginmedia.com, DNS Name=imap4.virginmedia.com, DNS Name=smtp.virginmedia.com, DNS Name=autoconfig.virginmedia.com, DNS Name=autodiscover.virginmedia.com
Cert: c05e21fa19ebc1efa3677d8e5f92d75b8b3e6be1
Element.dwInfoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER (0x2)
Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
CRL (null):
Issuer: CN=GlobalSign GCC R3 DV TLS CA 2020 - OCSP Responder, O=GlobalSign nv-sa, C=BE
ThisUpdate: 24/02/2021 09:58
NextUpdate: 28/02/2021 09:58
CRL: 3ad0b88894e93edbb0748836cc1e7c2beb2c4fb5
Issuance[0] = 1.3.6.1.4.1.4146.1.10
Issuance[1] = 2.23.140.1.2.1
Application[0] = 1.3.6.1.5.5.7.3.1 Server Authentication
Application[1] = 1.3.6.1.5.5.7.3.2 Client Authentication

CertContext[0][1]: dwInfoStatus=102 dwErrorStatus=0
Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3
NotBefore: 28/07/2020 00:00
NotAfter: 18/03/2029 00:00
Subject: CN=GlobalSign GCC R3 DV TLS CA 2020, O=GlobalSign nv-sa, C=BE
Serial: 77bd0e0742d5d9e9d049d774d02a6f9a
Cert: 1c610a0a87d492f48322c2afd3be9b6ad36b6bee
Element.dwInfoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER (0x2)
Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
CRL (null):
Issuer: CN=GlobalSign OCSP for Root R3 - Signer 1.2, O=GlobalSign nv-sa, C=BE
ThisUpdate: 24/02/2021 09:12
NextUpdate: 28/02/2021 09:12
CRL: 622035073537b9d82cfc88ffbe01ed173159c70d
Application[0] = 1.3.6.1.5.5.7.3.1 Server Authentication
Application[1] = 1.3.6.1.5.5.7.3.2 Client Authentication

CertContext[0][2]: dwInfoStatus=10c dwErrorStatus=0
Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3
NotBefore: 18/03/2009 10:00
NotAfter: 18/03/2029 10:00
Subject: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3
Serial: 04000000000121585308a2
Cert: d69b561148f01c77c54578c10926df5b856976ad
Element.dwInfoStatus = CERT_TRUST_HAS_NAME_MATCH_ISSUER (0x4)
Element.dwInfoStatus = CERT_TRUST_IS_SELF_SIGNED (0x8)
Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)

Exclude leaf cert:
Chain: da186fe71862a8f9fc4e5f6fd9b2ed4acc99218b
Full chain:
Chain: 8407c3009c9b96467892aca39ca5e18aa1862c6f
------------------------------------
Verified Issuance Policies:
1.3.6.1.4.1.4146.1.10
2.23.140.1.2.1
Verified Application Policies:
1.3.6.1.5.5.7.3.1 Server Authentication
1.3.6.1.5.5.7.3.2 Client Authentication
Cert is an End Entity certificate
Leaf certificate revocation check passed
CertUtil: -verify command completed successfully.

Alternatively email me the log file to the gmail address I gave you.

Tim

 

 

 

I'm a Very Insightful Person, I'm here to share knowledge, I don't work for Virgin Media. Learn more

Have I helped? Click Mark as Helpful Answer or use Kudos to say thanks

0 Kudos
Reply