Solved

Eudora 7.1 SSL suddenly rejects certificate, stops connecting

Posted on 2014-10-22
11
4,438 Views
Last Modified: 2015-04-20
Hi:

I'm running Eudora 7.1 on a Windows XP system and on a Windows 7 system. I use it extensively for all email, including client correspondence.

I am configured to use SSL to connect to the hostgator mail server for my account. Server and port options are configured correctly per hostgator.

Eudora has worked fine like this for years. Starting this morning it fails consistently in the same manner on both systems with a rejected certificate error message. Hostgator said that the last SSL version 3 upgrade was October 14, a week ago and that no changes were made to servers this morning.

The Eudora error message is:
    SSL Negotiation Failed: Unknown Error
    Certificate bad: Destination Host name does not match  host name in certificate
    But ignoring this error because Certificate is trusted
    The connection with the server has been lost. Cause:  (200).

Certificate info includes:
Subject: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
Public Key Algorithm: rsaEncryption
Valid dates: 2000 to 2020.

Hostgator's tools confirm the cert is correct and safe.

In the Eudora Certificate Manager, I specified the cert as trusted per:


This results in two entries for the cert:
Server Certificates:
      (untrusted) GB, Greater Manchester, Salford, COMODO
User Certificates:
      (untrusted) GB, Greater Manchester, Salford, COMODO

I can find no way to delete the untrusted version.

I can connect ok with standard ports and a non-SSL connection. Note that I can still connect with the K-9 email client with SSL on Android - no problems. Sadly, this points to Eudora as the problem.

Here's a report of a similar problem:
http://www.emaildiscussions.com/showthread.php?t=62923

There is no update or replacement for Eudora. Several years ago, Mozilla Thunderbird was passed off as a Eudors replacement, but it lacks compatible functionality. Neither client is supported anymore. I would really, really appreciate help in getting this problem fixed.

Thanks,

Fred
0
Comment
Question by:fredo783
  • 4
  • 4
  • 3
11 Comments
 
LVL 82

Expert Comment

by:Dave Baldwin
ID: 40397867
In the last week or so, the way that SSL/TLS encryption is handled has changed pretty much worldwide because of a security hole they just found.  If there is a setting for it in Eudora, unselect SSL 3 and select TLS.  TLS replaced SSL about 18 years ago...
0
 

Author Comment

by:fredo783
ID: 40398288
Thanks, Dave. Good advice, but for now I'm stuck with SSL. Here is more information on the problem:

Hostgator finally said that they updated certificates on the server, thus causing the problem with Eudora.

I installed Thunderbird and can connect ok with SSL. Also, I can connect with SSL via an Android pop email app. So the problem is most likely with Eudora.

I can specify StartTLS with Eudora, but not on my shared hosting account. I can install a private certificate on the server and then connect with StartTLS. However, support says that sometimes StartTLS will not work even then.

So, has anyone dealt with this problem with Eudora? Have they successfully used StartTLS with a private certificate?
0
 
LVL 82

Accepted Solution

by:
Dave Baldwin earned 500 total points
ID: 40398318
Most hosting companies upgraded either there certificates or their SSL/TLS process in the last week.  I haven't had Eudora for at least 5 years now.  But 'stuck with SSL'?  It's been years since anyone has issued an SSL certificate as far as I know.  They are all TLS now.  The problem discovered recently was that the 'downgrade' negotiation from TLS to SSLv3 was flawed so everyone has stopped allowing it.
0
 

Author Comment

by:fredo783
ID: 40398373
I must purchase a private cert. Then I can use StartTLS, but there is a chance it won't work.

BTW, what email client have you found that offers the functionality of Eudora?
0
 
LVL 82

Expert Comment

by:Dave Baldwin
ID: 40398449
Frankly, the last version of Eudora that I had was unusable.  It would not display HTML emails and had some other problems.  It may have been Eudora 6 about 2007.  I don't really know what you mean by "the functionality of Eudora".

I use Thunderbird for most of my business though I have Outlook Express and SeaMonkey also.  I also have Outlook on a few machines that have Microsoft Office.
0
Free book by J.Peter Bruzzese, Microsoft MVP

Are you using Office 365? Trying to set up email signatures but you’re struggling with transport rules and connectors? Let renowned Microsoft MVP J.Peter Bruzzese show you how in this exclusive e-book on Office 365 email signatures. Better yet, it’s free!

 

Author Comment

by:fredo783
ID: 40427283
Dave:

Thanks for comments. I have upgraded the account and obtained a private cert. The next step will be to test Eudora using starttls.

I evaluated thunderbird two years ago and found some Eudora features that are really nice which thunderbird seems to lack. I will do a full reevaluation as time permits.

You are right about Eudora not displaying all html email correctly. Unfortunately, both Eudora and Thunderbird are essentially unsupported products at this time.

The forum is nagging me to close this issue. So even though I have not completed testing, let me close the issue at this time.

Thanks,

Fred
0
 
LVL 82

Expert Comment

by:Dave Baldwin
ID: 40427373
I still get updates for Thunderbird and the new versions are available on their web site.

https://www.mozilla.org/en-US/thunderbird/
0
 

Expert Comment

by:vanitopan
ID: 40733339
I have the same problem as Fredo783.
My question is how can I obtain a private cert and how to (I think) install it in Eudora.
I use Eudora 7.1.0.6 on a laptop with win 7

I hope to get an answer.
Migrate to Mozilla Thunderbird was not quite successful. The possibilities of the "old" Eudora is still very good for me.
Excuse me if I make some English mistakes, I am Dutch and I do not often write in English
Herman
0
 

Author Comment

by:fredo783
ID: 40733483
Vanitopan:

Eudora is a very powerful and flexible email client. I also tried Thunderbird and was not satisfied with it.

Regarding certificates, you do not need a private certificate to run Eudora. In light of security issues, many ISPs have been reissuing SSL /TLS certificates. If Eudora fails because of a rejected certificate, you can tell it to accept the new certificate. The procedure is iterative - you have to accept certificates multiple times.

Open the Eudora personalities window, then right click on the relevant personality, and select Properties. Then on the incoming mail tab, click on the option to see info for the last SSL connection. Then click on the option to go to the certification manager.

In the certificate manager, you will see the certificate chain. This most likely consists of several certificates. You have to accept each one. You can click on the + icon to see additional levels of certificates. Click on all of them to see the entire chain.

If a certificate is trusted, you will see a happy face icon. Certificates that are not trusted have a skull icon. To accept an untrusted certificate, click on it and tell Eudora to trust it. Then close the certificate manager. Then repeat the process: check or send email and then navigate back to the certificate manager to accept additional certificates.

I found this information on the excellent eudora-win discussion list at listmoms.net.

Hope this helps,

Fred
0
 

Expert Comment

by:vanitopan
ID: 40733597
I have found a solution for me. It words without getting a cert.
It is rather simple:
see:
http://serversslcertificate.com/server-ssl-certificate-rejects-eudora/
0
 

Expert Comment

by:vanitopan
ID: 40733699
Fred

Thanks for your answer.
That I have tried, but it did not work!
When I click on the option for the ssl cert I get the message:
"You have never done any SSL negotiation with any personality since the last time you started Eudora"

Looking further on the Internet I found the simple solution in my last post and the result is that i can send end receive mails again.
(see http://serversslcertificate.com/server-ssl-certificate-rejects-eudora/)

So my problem is solved!
Thanks again!
Have an nice day

Herman
0

Featured Post

Don't lose your head updating email signatures!

Do your end users still have the wrong email signature? Do email signature updates bore you or fill you with a sense of dread? You can make this a whole lot easier on yourself by trusting an Exclaimer email signature management solution. Over 50 million users do...so should you!

Join & Write a Comment

Email signatures have numerous marketing benefits. Here are 8 top reasons to turn your email signature into a marketing channel.
Ransomware continues to be a growing problem for both personal and business users alike and Antivirus companies are still struggling to find a reliable way to protect you from this dangerous threat.
The purpose of this video is to demonstrate how to set up a Mailchimp campaign. This will include styling and adding elements to a newsletter/email. This will be demonstrated using a Windows 8 PC. Mailchimp will be used. Log into your Mailchim…
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now