[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[EVOLUTION] Issue with mistakenly rejected SSL certificate

Hi all;

Yesterday, evolution complained about my ISP SSL certificate was not
valid and asked me to accept it or to reject it. I've mistakenly
rejected SSL certificate, but since could not connect anymore to the
server. It keeps giving me error messages: "Could not connect to
imap.sfr.fr: Input/output error"

I've tried with [1] and also with [2] and can see that it connects using
telnet -z ssl howver openssl shows that the certificate date has
expired. I do not know how to cope with this as I can not find any
option to recover my mistake.

Can anyone help please?

PS: Please keep me in copy as I'm not subscribed to d-u@l.d.o.

[1] $telnet -z ssl imap.sfr.fr 993
Trying 93.17.128.92...
SSL: Certificate has expired
notAfter=Nov 29 16:43:13 2012 GMT
Connected to imap.sfr.fr.
Escape character is '^]'.
* OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID X-FORWARD AUTH=PLAIN
AUTH=LOGIN SASL-IR COMPRESS=DEFLATE] msfrf2416 Cyrus IMAP v2.3.16 server
ready

[2] $openssl s_client -connect imap.sfr.fr:993 -showcerts
CONNECTED(00000003)
depth=2 C = BE, O = GlobalSign nv-sa, OU = Root CA, CN = GlobalSign Root
CA
verify error:num=19:self signed certificate in certificate chain
verify return:0
---
Certificate chain
 0 s:/C=FR/ST=PARIS/L=PARIS/OU=PFS_FIXES/O=SOCIETE FRANCAISE DU
RADIOTELEPHONE SFR/CN=imap.sfr.fr
   i:/OU=Organization Validation CA/O=GlobalSign/CN=GlobalSign
Organization Validation CA
-----BEGIN CERTIFICATE-----
MIIFgDCCBGigAwIBAgILAQAAAAABLJi2I5wwDQYJKoZIhvcNAQEFBQAwajEjMCEG
A1UECxMaT3JnYW5pemF0aW9uIFZhbGlkYXRpb24gQ0ExEzARBgNVBAoTCkdsb2Jh
bFNpZ24xLjAsBgNVBAMTJUdsb2JhbFNpZ24gT3JnYW5pemF0aW9uIFZhbGlkYXRp
b24gQ0EwHhcNMTAxMTI5MTY0MzE4WhcNMTIxMTI5MTY0MzEzWjCBiTELMAkGA1UE
BhMCRlIxDjAMBgNVBAgTBVBBUklTMQ4wDAYDVQQHEwVQQVJJUzESMBAGA1UECxQJ
UEZTX0ZJWEVTMTAwLgYDVQQKEydTT0NJRVRFIEZSQU5DQUlTRSBEVSBSQURJT1RF
TEVQSE9ORSBTRlIxFDASBgNVBAMTC2ltYXAuc2ZyLmZyMIIBIjANBgkqhkiG9w0B
AQEFAAOCAQ8AMIIBCgKCAQEAwkgq3bZZvtb/L8l4HZAdxABm2qi0dPXBpoe19PN/
jglDvSKGVYuyfAVWvqJR1VvxilF2q/cZpjOTmhR+V4lp8Kt8vDEpxmyVCXDOO0V3
2J1eB3q3J4KQi3WikcZ5NRfZXnhc7QkR5vPB3X/e0nmmp0iiTPHd5v6VSfbhomVI
wVmG05+DntYf8tNyZyHhC1zA5lIyMamuMoB0DU8mXuf4/oTd6ZseOSurqeNgUL4i
DTRT+AUgvqw2A0DwLjuSFLLOQIuq03Fo5soAcL6FoUPS1VME7I0o4Hsn2wg0Vy3y
zrFydFA3Ikt0v8Cl7AVJAKjRrimN2UGkHxffmaHExLo9SQIDAQABo4ICBTCCAgEw
HwYDVR0jBBgwFoAUfW0q7Garp1E2qwJp8XCPxFkLmh8wSQYIKwYBBQUHAQEEPTA7
MDkGCCsGAQUFBzAChi1odHRwOi8vc2VjdXJlLmdsb2JhbHNpZ24ubmV0L2NhY2Vy
dC9vcmd2MS5jcnQwPwYDVR0fBDgwNjA0oDKgMIYuaHR0cDovL2NybC5nbG9iYWxz
aWduLm5ldC9Pcmdhbml6YXRpb25WYWwxLmNybDAdBgNVHQ4EFgQU/MSNgUgUs+a5
SUTVoRzmZu6ud00wCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCBaAwKQYDVR0lBCIw
IAYIKwYBBQUHAwEGCCsGAQUFBwMCBgorBgEEAYI3CgMDMEsGA1UdIAREMEIwQAYJ
KwYBBAGgMgEUMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuZ2xvYmFsc2lnbi5u
ZXQvcmVwb3NpdG9yeS8wEQYJYIZIAYb4QgEBBAQDAgbAMIGMBgNVHREEgYQwgYGC
C2ltYXAuc2ZyLmZyghBtYWlsLmltYXAuc2ZyLmZyghhhdXRvZGlzY292ZXIuaW1h
cC5zZnIuZnKCD293YS5pbWFwLnNmci5mcoIMaW1hcC5uZXVmLmZyghBpbWFwLmNl
Z2V0ZWwubmV0ghVpbWFwLmNsdWItaW50ZXJuZXQuZnIwDQYJKoZIhvcNAQEFBQAD
ggEBAGABppROVCblC3ZcNAeDPH+UDE/D2CJ69sumMiGffKl5kocIOCKOOaczb6tb
6dryQ0cQPnGuQZ1mVvEaIj/rZ4d/VFxWij3ntIVbyIOc/QXgp1ggUzVsoFTadgxS
4DFQJkY/JBbJF5XpG55mbRtlsqSJ8Fv928d6FyYvlQHSVO5tEleuwlMNbDewYYvH
SNUtMomVJRKxRQPPKUochzZ9tqs5Emx/P+zf/h3zps9JMaOvP6I7dFbQEUdGrgrX
YIM7Z/XFHEZersdeCPfHGVmys3JcgQP38BQTvbhtNA0XQmnep9PsedE5fQ6BbAv7
oso5jrnZnxuzOb2LcOWsw65nsrk=
-----END CERTIFICATE-----
 1 s:/OU=Organization Validation CA/O=GlobalSign/CN=GlobalSign
Organization Validation CA
   i:/C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA
-----BEGIN CERTIFICATE-----
MIIEZzCCA0+gAwIBAgILBAAAAAABHkSl9SowDQYJKoZIhvcNAQEFBQAwVzELMAkG
A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv
b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw0wNzA0MTExMjAw
MDBaFw0xNzA0MTExMjAwMDBaMGoxIzAhBgNVBAsTGk9yZ2FuaXphdGlvbiBWYWxp
ZGF0aW9uIENBMRMwEQYDVQQKEwpHbG9iYWxTaWduMS4wLAYDVQQDEyVHbG9iYWxT
aWduIE9yZ2FuaXphdGlvbiBWYWxpZGF0aW9uIENBMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEAoS/EvM6HA+lnwYnI5ZP8fbStnvZjTmronCxziaIB9I8h
+P0lnVgWbYb27klXdX516iIRfj37x0JB3PzFDJFVgHvrZDMdm/nKOOmrxiVDUSVA
9OR+GFVqqY8QOkAe1leD738vNC8t0vZTwhkNt+3JgfVGLLQjQl6dEwN17Opq/Fd8
yTaXO5jcExPs7EH6XTTquZPnEBZlzJyS/fXFnT5KuQn85F8eaV9N9FZyRLEdIwPI
NvZliMi/ORZFjh4mbFEWxSoAOMWkE2mVfasBO6jEFLSA2qwaRCDV/qkGexQnr+Aw
Id2Q9KnVIxkuHgPmwd+VKeTBlEPdPpCqy0vJvorTOQIDAQABo4IBHzCCARswDgYD
VR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFH1tKuxm
q6dRNqsCafFwj8RZC5ofMEsGA1UdIAREMEIwQAYJKwYBBAGgMgEUMDMwMQYIKwYB
BQUHAgEWJWh0dHA6Ly93d3cuZ2xvYmFsc2lnbi5uZXQvcmVwb3NpdG9yeS8wMwYD
VR0fBCwwKjAooCagJIYiaHR0cDovL2NybC5nbG9iYWxzaWduLm5ldC9yb290LmNy
bDARBglghkgBhvhCAQEEBAMCAgQwIAYDVR0lBBkwFwYKKwYBBAGCNwoDAwYJYIZI
AYb4QgQBMB8GA1UdIwQYMBaAFGB7ZhpFDZfKiVAvfQTNNKj//P1LMA0GCSqGSIb3
DQEBBQUAA4IBAQB5R/wV10x53w96ns7UfEtjyYm1ez+ZEuicjJpJL+BOlUrtx7y+
8aLbjpMdunFUqkvZiSIkh8UEqKyCUqBS+LjhT6EnZmMhSjnnx8VOX7LWHRNtMOnO
16IcvCkKczxbI0n+1v/KsE/18meYwEcR+LdIppAJ1kK+6rG5U0LDnCDJ+6FbtVZt
h4HIYKzEuXInCo4eqLEuzTKieFewnPiVu0OOjDGGblMNxhIFukFuqDUwCRgdAmH/
/e413mrDO9BNS05QslY2DERd2hplKuaYVqljMy4E567o9I63stp9wMjirqYoL+PJ
c738B0E0t6pu7qfb0ZM87ZDsMpKI2cgjbHQh
-----END CERTIFICATE-----
 2 s:/C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA
   i:/C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA
-----BEGIN CERTIFICATE-----
MIIDdTCCAl2gAwIBAgILAgAAAAAA1ni3lAUwDQYJKoZIhvcNAQEEBQAwVzELMAkG
A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv
b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw
MDBaFw0xNDAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i
YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT
aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ
jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp
xy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp
1Wrjsok6Vjk4bwY8iGlbKk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdG
snUOhugZitVtbNV4FpWi6cgKOOvyJBNPc1STE4U6G7weNLWLBYy5d4ux2x8gkasJ
U26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FGqkjWZCrXgzT/LCrBbBlDSgeF59N8
9iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIABjAdBgNVHQ4EFgQU
YHtmGkUNl8qJUC99BM00qP/8/UswDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0B
AQQFAAOCAQEArqqf/LfSyx9fOSkoGJ40yWxPbxrwZKJwSk8ThptgKJ7ogUmYfQq7
5bCdPTbbjwVR/wkxKh/diXeeDy5slQTthsu0AD+EAk2AaioteAuubyuig0SDH81Q
gkwkr733pbTIWg/050deSY43lv6aiAU62cDbKYfmGZZHpzqmjIs8d/5GY6dT2iHR
rH5Jokvmw2dZL7OKDrssvamqQnw1wdh/1acxOk5jQzmvCLBhNIzTmKlDNPYPhyk7
ncJWWJh3w/cbrPad+D6qp1RF8PX51TFl/mtYnHGzHtdS6jIX/EBgHcl5JLL2bP2o
Zg6C3ZjL2sJETy6ge/L3ayx2EYRGinij4w==
-----END CERTIFICATE-----
---
Server certificate
subject=/C=FR/ST=PARIS/L=PARIS/OU=PFS_FIXES/O=SOCIETE FRANCAISE DU
RADIOTELEPHONE SFR/CN=imap.sfr.fr
issuer=/OU=Organization Validation CA/O=GlobalSign/CN=GlobalSign
Organization Validation CA
---
No client certificate CA names sent
---
SSL handshake has read 4130 bytes and written 518 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID:
7792153F91077DC98022F4936FA9E0C09DFD6B4CDCE86D4C8A1E840F4F09E906
    Session-ID-ctx: 
    Master-Key:
AE6FAD3563E7D1D1194727B5072E25E9C9BFDE409DC01110A5AFB57A14BD462ABC50E63FBA2C53F7E5D80DC679A0350A
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1354280691
    Timeout   : 300 (sec)
    Verify return code: 19 (self signed certificate in certificate
chain)
---
* OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID X-FORWARD AUTH=PLAIN
AUTH=LOGIN SASL-IR COMPRESS=DEFLATE] msfrf2416 Cyrus IMAP v2.3.16 server
ready
DONE

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to: