error logging into pop.gmail.com: SSL bad peer certificate. Connection refused in lotus notes

error logging into pop.gmail.com: SSL bad peer certificate. Connection refused in lotus notes
porambokuAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

porambokuAuthor Commented:
notes 8.5 or notes 9
trying to configure outlook for gmail
Sjef BosmanGroupware ConsultantCommented:
porambokuAuthor Commented:
nope, I did this already..
Rowby Goren Makes an Impact on Screen and Online

Learn about longtime user Rowby Goren and his great contributions to the site. We explore his method for posing questions that are likely to yield a solution, and take a look at how his career transformed from a Hollywood writer to a website entrepreneur.

Sjef BosmanGroupware ConsultantCommented:
Here's the configuration I used to have, but it's a while ago that I used it:
Capture1.PNG
Capture2.PNG
David FavorLinux/LXD/WordPress/Hosting SavantCommented:
Likely problem is SSL... There hasn't really been any SSL for past... well... many years...

All recent certs + connections will be TLS.

I don't use Outlook + most email clients have an option either to try SSL first + then TLS, or to force TLS.

If you set SSL, this means SSL2 or SSL3 + what you're really after is TLS... because...

Google does not support SSL2 + SSL3, because they're insecure + badly broken protocols.
porambokuAuthor Commented:
that's wired.. even today many open source products still use SSL 3 !!!
porambokuAuthor Commented:
so, you think there isn't a solution?
can we force notes client to use TLS?
Sjef BosmanGroupware ConsultantCommented:
Interesting documents that may give you some clues (especially the "less secure clients" part):
https://www-01.ibm.com/support/docview.wss?uid=swg21998171
https://www.notesmail.com/home.nsf/tip20121227
David FavorLinux/LXD/WordPress/Hosting SavantCommented:
If you use SSL2 or SSL3 you're just begging for problems.

There's a reason many companies like PayPal just switched (2018-06-29) to requiring TLSv1.2 as minimum security protocol they allow.

Gmail will not accept SSL2 or SSL3 connections.

I'd suggest you open a ticket with the organization providing you with Notes support + ask how to configure Notes to force TLSv1.2 so you're sure you're mail connections are accepted.

And the message you reference above...

error logging into pop.gmail.com: SSL bad peer certificate. Connection refused in lotus notes

Looks to be on a per Notes client basis, so I'm guessing where ever you setup your connection to pop.gmail.com you'll find a toggle switch for Force TLS somewhere.

Important: For this to work, you're first step is logging into the related gmail account + navigate to settings + manually enable POP.

If you don't have POP enabled, then you'll get a connection refused message all the time... which may simply mean POP in gmail is disabled + Notes is spewing a badly formed message.

Tip: Before mucking about with Notes, connect to your gmail account with an openssl client + test your gmail settings.

Way simpler to do initial debug with openssl, than a bloated tool like Notes. Use openssl + you'll get far more descriptive error messages.
Sjef BosmanGroupware ConsultantCommented:
Bloated? Why insult or disqualify the Asker?
Sjef BosmanGroupware ConsultantCommented:
@poramboku: can we see your Gmail setting in Notes?
David FavorLinux/LXD/WordPress/Hosting SavantCommented:
Trying to debug connections with Notes (bloated, big code) compared with using openssl (compact code) has nothing to do with insulting.

It's just stating facts.

Using Notes to debug a connection is simply the wrong tool.

The correct first tool is openssl, which is why openssl exists. The openssl library folks built this tool because debugging SSL/TLS connections can be very difficult.

Use openssl first + after you're sure all's well, then roll into Notes the exact/tested settings which you got to work using openssl.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Sjef BosmanGroupware ConsultantCommented:
I stand corrected, better use other tools to verify the connection step by step.
Sjef BosmanGroupware ConsultantCommented:
@porambuko: any progress?
porambokuAuthor Commented:
notes 9.,.x dont support, other product chosen
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Lotus IBM

From novice to tech pro — start learning today.