Solved

Eudora 7.1 SSL suddenly rejects certificate, stops connecting

Posted on 2014-10-22
11
4,625 Views
Last Modified: 2015-04-20
Hi:

I'm running Eudora 7.1 on a Windows XP system and on a Windows 7 system. I use it extensively for all email, including client correspondence.

I am configured to use SSL to connect to the hostgator mail server for my account. Server and port options are configured correctly per hostgator.

Eudora has worked fine like this for years. Starting this morning it fails consistently in the same manner on both systems with a rejected certificate error message. Hostgator said that the last SSL version 3 upgrade was October 14, a week ago and that no changes were made to servers this morning.

The Eudora error message is:
    SSL Negotiation Failed: Unknown Error
    Certificate bad: Destination Host name does not match  host name in certificate
    But ignoring this error because Certificate is trusted
    The connection with the server has been lost. Cause:  (200).

Certificate info includes:
Subject: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
Public Key Algorithm: rsaEncryption
Valid dates: 2000 to 2020.

Hostgator's tools confirm the cert is correct and safe.

In the Eudora Certificate Manager, I specified the cert as trusted per:


This results in two entries for the cert:
Server Certificates:
      (untrusted) GB, Greater Manchester, Salford, COMODO
User Certificates:
      (untrusted) GB, Greater Manchester, Salford, COMODO

I can find no way to delete the untrusted version.

I can connect ok with standard ports and a non-SSL connection. Note that I can still connect with the K-9 email client with SSL on Android - no problems. Sadly, this points to Eudora as the problem.

Here's a report of a similar problem:
http://www.emaildiscussions.com/showthread.php?t=62923

There is no update or replacement for Eudora. Several years ago, Mozilla Thunderbird was passed off as a Eudors replacement, but it lacks compatible functionality. Neither client is supported anymore. I would really, really appreciate help in getting this problem fixed.

Thanks,

Fred
0
Comment
Question by:fredo783
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
  • 3
11 Comments
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 40397867
In the last week or so, the way that SSL/TLS encryption is handled has changed pretty much worldwide because of a security hole they just found.  If there is a setting for it in Eudora, unselect SSL 3 and select TLS.  TLS replaced SSL about 18 years ago...
0
 

Author Comment

by:fredo783
ID: 40398288
Thanks, Dave. Good advice, but for now I'm stuck with SSL. Here is more information on the problem:

Hostgator finally said that they updated certificates on the server, thus causing the problem with Eudora.

I installed Thunderbird and can connect ok with SSL. Also, I can connect with SSL via an Android pop email app. So the problem is most likely with Eudora.

I can specify StartTLS with Eudora, but not on my shared hosting account. I can install a private certificate on the server and then connect with StartTLS. However, support says that sometimes StartTLS will not work even then.

So, has anyone dealt with this problem with Eudora? Have they successfully used StartTLS with a private certificate?
0
 
LVL 83

Accepted Solution

by:
Dave Baldwin earned 500 total points
ID: 40398318
Most hosting companies upgraded either there certificates or their SSL/TLS process in the last week.  I haven't had Eudora for at least 5 years now.  But 'stuck with SSL'?  It's been years since anyone has issued an SSL certificate as far as I know.  They are all TLS now.  The problem discovered recently was that the 'downgrade' negotiation from TLS to SSLv3 was flawed so everyone has stopped allowing it.
0
Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

 

Author Comment

by:fredo783
ID: 40398373
I must purchase a private cert. Then I can use StartTLS, but there is a chance it won't work.

BTW, what email client have you found that offers the functionality of Eudora?
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 40398449
Frankly, the last version of Eudora that I had was unusable.  It would not display HTML emails and had some other problems.  It may have been Eudora 6 about 2007.  I don't really know what you mean by "the functionality of Eudora".

I use Thunderbird for most of my business though I have Outlook Express and SeaMonkey also.  I also have Outlook on a few machines that have Microsoft Office.
0
 

Author Comment

by:fredo783
ID: 40427283
Dave:

Thanks for comments. I have upgraded the account and obtained a private cert. The next step will be to test Eudora using starttls.

I evaluated thunderbird two years ago and found some Eudora features that are really nice which thunderbird seems to lack. I will do a full reevaluation as time permits.

You are right about Eudora not displaying all html email correctly. Unfortunately, both Eudora and Thunderbird are essentially unsupported products at this time.

The forum is nagging me to close this issue. So even though I have not completed testing, let me close the issue at this time.

Thanks,

Fred
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 40427373
I still get updates for Thunderbird and the new versions are available on their web site.

https://www.mozilla.org/en-US/thunderbird/
0
 

Expert Comment

by:vanitopan
ID: 40733339
I have the same problem as Fredo783.
My question is how can I obtain a private cert and how to (I think) install it in Eudora.
I use Eudora 7.1.0.6 on a laptop with win 7

I hope to get an answer.
Migrate to Mozilla Thunderbird was not quite successful. The possibilities of the "old" Eudora is still very good for me.
Excuse me if I make some English mistakes, I am Dutch and I do not often write in English
Herman
0
 

Author Comment

by:fredo783
ID: 40733483
Vanitopan:

Eudora is a very powerful and flexible email client. I also tried Thunderbird and was not satisfied with it.

Regarding certificates, you do not need a private certificate to run Eudora. In light of security issues, many ISPs have been reissuing SSL /TLS certificates. If Eudora fails because of a rejected certificate, you can tell it to accept the new certificate. The procedure is iterative - you have to accept certificates multiple times.

Open the Eudora personalities window, then right click on the relevant personality, and select Properties. Then on the incoming mail tab, click on the option to see info for the last SSL connection. Then click on the option to go to the certification manager.

In the certificate manager, you will see the certificate chain. This most likely consists of several certificates. You have to accept each one. You can click on the + icon to see additional levels of certificates. Click on all of them to see the entire chain.

If a certificate is trusted, you will see a happy face icon. Certificates that are not trusted have a skull icon. To accept an untrusted certificate, click on it and tell Eudora to trust it. Then close the certificate manager. Then repeat the process: check or send email and then navigate back to the certificate manager to accept additional certificates.

I found this information on the excellent eudora-win discussion list at listmoms.net.

Hope this helps,

Fred
0
 

Expert Comment

by:vanitopan
ID: 40733597
I have found a solution for me. It words without getting a cert.
It is rather simple:
see:
http://serversslcertificate.com/server-ssl-certificate-rejects-eudora/
0
 

Expert Comment

by:vanitopan
ID: 40733699
Fred

Thanks for your answer.
That I have tried, but it did not work!
When I click on the option for the ssl cert I get the message:
"You have never done any SSL negotiation with any personality since the last time you started Eudora"

Looking further on the Internet I found the simple solution in my last post and the result is that i can send end receive mails again.
(see http://serversslcertificate.com/server-ssl-certificate-rejects-eudora/)

So my problem is solved!
Thanks again!
Have an nice day

Herman
0

Featured Post

Secure Your Active Directory - April 20, 2017

Active Directory plays a critical role in your company’s IT infrastructure and keeping it secure in today’s hacker-infested world is a must.
Microsoft published 300+ pages of guidance, but who has the time, money, and resources to implement? Register now to find an easier way.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
PHP contact form that lets the user to contact the company through email contact form. A button is fixed at the bottom of site, on clicking a new window will open where a user can send the email.
This Micro Tutorial demonstrates  how Internet marketers work with competitive analysis data, and a common task in data preparation is creating separate column for domains. You will then extract from a list of URLs.
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…

756 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question