Solved

Eudora 7.1 SSL suddenly rejects certificate, stops connecting

Posted on 2014-10-22
11
4,660 Views
Last Modified: 2015-04-20
Hi:

I'm running Eudora 7.1 on a Windows XP system and on a Windows 7 system. I use it extensively for all email, including client correspondence.

I am configured to use SSL to connect to the hostgator mail server for my account. Server and port options are configured correctly per hostgator.

Eudora has worked fine like this for years. Starting this morning it fails consistently in the same manner on both systems with a rejected certificate error message. Hostgator said that the last SSL version 3 upgrade was October 14, a week ago and that no changes were made to servers this morning.

The Eudora error message is:
    SSL Negotiation Failed: Unknown Error
    Certificate bad: Destination Host name does not match  host name in certificate
    But ignoring this error because Certificate is trusted
    The connection with the server has been lost. Cause:  (200).

Certificate info includes:
Subject: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
Public Key Algorithm: rsaEncryption
Valid dates: 2000 to 2020.

Hostgator's tools confirm the cert is correct and safe.

In the Eudora Certificate Manager, I specified the cert as trusted per:


This results in two entries for the cert:
Server Certificates:
      (untrusted) GB, Greater Manchester, Salford, COMODO
User Certificates:
      (untrusted) GB, Greater Manchester, Salford, COMODO

I can find no way to delete the untrusted version.

I can connect ok with standard ports and a non-SSL connection. Note that I can still connect with the K-9 email client with SSL on Android - no problems. Sadly, this points to Eudora as the problem.

Here's a report of a similar problem:
http://www.emaildiscussions.com/showthread.php?t=62923

There is no update or replacement for Eudora. Several years ago, Mozilla Thunderbird was passed off as a Eudors replacement, but it lacks compatible functionality. Neither client is supported anymore. I would really, really appreciate help in getting this problem fixed.

Thanks,

Fred
0
Comment
Question by:fredo783
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
  • 3
11 Comments
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 40397867
In the last week or so, the way that SSL/TLS encryption is handled has changed pretty much worldwide because of a security hole they just found.  If there is a setting for it in Eudora, unselect SSL 3 and select TLS.  TLS replaced SSL about 18 years ago...
0
 

Author Comment

by:fredo783
ID: 40398288
Thanks, Dave. Good advice, but for now I'm stuck with SSL. Here is more information on the problem:

Hostgator finally said that they updated certificates on the server, thus causing the problem with Eudora.

I installed Thunderbird and can connect ok with SSL. Also, I can connect with SSL via an Android pop email app. So the problem is most likely with Eudora.

I can specify StartTLS with Eudora, but not on my shared hosting account. I can install a private certificate on the server and then connect with StartTLS. However, support says that sometimes StartTLS will not work even then.

So, has anyone dealt with this problem with Eudora? Have they successfully used StartTLS with a private certificate?
0
 
LVL 83

Accepted Solution

by:
Dave Baldwin earned 500 total points
ID: 40398318
Most hosting companies upgraded either there certificates or their SSL/TLS process in the last week.  I haven't had Eudora for at least 5 years now.  But 'stuck with SSL'?  It's been years since anyone has issued an SSL certificate as far as I know.  They are all TLS now.  The problem discovered recently was that the 'downgrade' negotiation from TLS to SSLv3 was flawed so everyone has stopped allowing it.
0
Creating Instructional Tutorials  

For Any Use & On Any Platform

Contextual Guidance at the moment of need helps your employees/users adopt software o& achieve even the most complex tasks instantly. Boost knowledge retention, software adoption & employee engagement with easy solution.

 

Author Comment

by:fredo783
ID: 40398373
I must purchase a private cert. Then I can use StartTLS, but there is a chance it won't work.

BTW, what email client have you found that offers the functionality of Eudora?
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 40398449
Frankly, the last version of Eudora that I had was unusable.  It would not display HTML emails and had some other problems.  It may have been Eudora 6 about 2007.  I don't really know what you mean by "the functionality of Eudora".

I use Thunderbird for most of my business though I have Outlook Express and SeaMonkey also.  I also have Outlook on a few machines that have Microsoft Office.
0
 

Author Comment

by:fredo783
ID: 40427283
Dave:

Thanks for comments. I have upgraded the account and obtained a private cert. The next step will be to test Eudora using starttls.

I evaluated thunderbird two years ago and found some Eudora features that are really nice which thunderbird seems to lack. I will do a full reevaluation as time permits.

You are right about Eudora not displaying all html email correctly. Unfortunately, both Eudora and Thunderbird are essentially unsupported products at this time.

The forum is nagging me to close this issue. So even though I have not completed testing, let me close the issue at this time.

Thanks,

Fred
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 40427373
I still get updates for Thunderbird and the new versions are available on their web site.

https://www.mozilla.org/en-US/thunderbird/
0
 

Expert Comment

by:vanitopan
ID: 40733339
I have the same problem as Fredo783.
My question is how can I obtain a private cert and how to (I think) install it in Eudora.
I use Eudora 7.1.0.6 on a laptop with win 7

I hope to get an answer.
Migrate to Mozilla Thunderbird was not quite successful. The possibilities of the "old" Eudora is still very good for me.
Excuse me if I make some English mistakes, I am Dutch and I do not often write in English
Herman
0
 

Author Comment

by:fredo783
ID: 40733483
Vanitopan:

Eudora is a very powerful and flexible email client. I also tried Thunderbird and was not satisfied with it.

Regarding certificates, you do not need a private certificate to run Eudora. In light of security issues, many ISPs have been reissuing SSL /TLS certificates. If Eudora fails because of a rejected certificate, you can tell it to accept the new certificate. The procedure is iterative - you have to accept certificates multiple times.

Open the Eudora personalities window, then right click on the relevant personality, and select Properties. Then on the incoming mail tab, click on the option to see info for the last SSL connection. Then click on the option to go to the certification manager.

In the certificate manager, you will see the certificate chain. This most likely consists of several certificates. You have to accept each one. You can click on the + icon to see additional levels of certificates. Click on all of them to see the entire chain.

If a certificate is trusted, you will see a happy face icon. Certificates that are not trusted have a skull icon. To accept an untrusted certificate, click on it and tell Eudora to trust it. Then close the certificate manager. Then repeat the process: check or send email and then navigate back to the certificate manager to accept additional certificates.

I found this information on the excellent eudora-win discussion list at listmoms.net.

Hope this helps,

Fred
0
 

Expert Comment

by:vanitopan
ID: 40733597
I have found a solution for me. It words without getting a cert.
It is rather simple:
see:
http://serversslcertificate.com/server-ssl-certificate-rejects-eudora/
0
 

Expert Comment

by:vanitopan
ID: 40733699
Fred

Thanks for your answer.
That I have tried, but it did not work!
When I click on the option for the ssl cert I get the message:
"You have never done any SSL negotiation with any personality since the last time you started Eudora"

Looking further on the Internet I found the simple solution in my last post and the result is that i can send end receive mails again.
(see http://serversslcertificate.com/server-ssl-certificate-rejects-eudora/)

So my problem is solved!
Thanks again!
Have an nice day

Herman
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Find out what Office 365 Transport Rules are, how they work and their limitations managing Office 365 signatures.
An analysis of the phishing scam that has been affecting Google users, along with steps to take for protection, as well as what to do if you receive one of the emails.
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…

710 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question