error logging into pop.gmail.com: SSL bad peer certificate. Connection refused in lotus notes

poramboku


Author

Commented:
notes 8.5 or notes 9
trying to configure outlook for gmail
Sjef Bosman, Groupware Consultant

Commented:

Author

Commented:
nope, I did this already..

Sjef Bosman, Groupware Consultant

Commented:
Here's the configuration I used to have, but it's a while ago that I used it:
Capture1.PNG
Capture2.PNG
David Favor, Fractional CTO
Distinguished Expert 2018

Commented:
Likely problem is SSL... There hasn't really been any SSL for past... well... many years...

All recent certs + connections will be TLS.

I don't use Outlook + most email clients have an option either to try SSL first + then TLS, or to force TLS.

If you set SSL, this means SSL2 or SSL3 + what you're really after is TLS... because...

Google does not support SSL2 + SSL3, because they're insecure + badly broken protocols.

Author

Commented:
that's weird.. even today many open source products still use SSL 3 !!!

Author

Commented:
so, you think there isn't a solution?
can we force notes client to use TLS?
Sjef Bosman, Groupware Consultant

Commented:
Interesting documents that may give you some clues (especially the "less secure clients" part):
https://www-01.ibm.com/support/docview.wss?uid=swg21998171
https://www.notesmail.com/home.nsf/tip20121227
David Favor, Fractional CTO
Distinguished Expert 2018

Commented:
If you use SSL2 or SSL3 you're just begging for problems.

There's a reason many companies like PayPal just switched (2018-06-29) to requiring TLSv1.2 as minimum security protocol they allow.

Gmail will not accept SSL2 or SSL3 connections.

I'd suggest you open a ticket with the organization providing you with Notes support + ask how to configure Notes to force TLSv1.2 so you're sure your mail connections are accepted.

And the message you reference above...

error logging into pop.gmail.com: SSL bad peer certificate. Connection refused in lotus notes

Looks to be on a per Notes client basis, so I'm guessing wherever you set up your connection to pop.gmail.com you'll find a toggle switch for Force TLS somewhere.

Important: For this to work, your first step is logging into the related gmail account + navigate to settings + manually enable POP.

If you don't have POP enabled, then you'll get a connection refused message all the time... which may simply mean POP in gmail is disabled + Notes is spewing a badly formed message.

Tip: Before mucking about with Notes, connect to your gmail account with an openssl client + test your gmail settings.

Way simpler to do initial debug with openssl, than a bloated tool like Notes. Use openssl + you'll get far more descriptive error messages.
Sjef Bosman, Groupware Consultant

Commented:
Bloated? Why insult or disqualify the Asker?
Sjef Bosman, Groupware Consultant

Commented:
@poramboku: can we see your Gmail setting in Notes?
Fractional CTO
Distinguished Expert 2018
Commented:
Trying to debug connections with Notes (bloated, big code) compared with using openssl (compact code) has nothing to do with insulting.

It's just stating facts.

Using Notes to debug a connection is simply the wrong tool.

The correct first tool is openssl, which is why openssl exists. The openssl library folks built this tool because debugging SSL/TLS connections can be very difficult.

Use openssl first + after you're sure all's well, then roll into Notes the exact/tested settings which you got to work using openssl.
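
An added example, not part of any commenter's post: a shell helper for the openssl check suggested in the two comments above, which reduces `openssl s_client` output to whether the TLS handshake or the certificate verification is the step that fails. The function names, the default port 995 and the sample outputs are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. probe_pop3s, summarize_handshake and the SAMPLE_* texts are
# illustrative names and constructed data, not output captured from Gmail.

# Live handshake: $1 host, $2 port (default 995, POP3 over TLS),
# $3 protocol flag (default -tls1_2). QUIT closes the POP3 session.
probe_pop3s() {
    printf 'QUIT\r\n' |
        openssl s_client -connect "$1:${2:-995}" -servername "$1" "${3:--tls1_2}" 2>&1
}

# Reduce s_client output (stdin) to one line that separates a protocol/cipher
# failure from a certificate-verification failure.
summarize_handshake() {
    awk '
        /^New, /                 { proto = $2; sub(/,$/, "", proto); cipher = $NF }
        /^[ \t]*Protocol[ \t]*:/ { proto = $NF }
        /^[ \t]*Cipher[ \t]*:/   { cipher = $NF }
        /Verify return code:/    { verify = $0; sub(/.*Verify return code:[ \t]*/, "", verify) }
        END {
            if (cipher == "" || cipher == "0000" || cipher == "(NONE)") status = "handshake_failed"
            else if (verify !~ /^0 /) status = "cert_not_verified"
            else status = "ok"
            printf "status=%s protocol=%s cipher=%s verify=%s\n", status, proto, cipher, verify
        }'
}

SAMPLE_OK='CONNECTED(00000003)
New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256
    Verify return code: 0 (ok)'

SAMPLE_REFUSED='CONNECTED(00000003)
no peer certificate available
New, (NONE), Cipher is (NONE)
SSL-Session:
    Protocol  : TLSv1
    Cipher    : 0000
    Verify return code: 0 (ok)'

SAMPLE_UNTRUSTED='CONNECTED(00000003)
New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256
    Verify return code: 20 (unable to get local issuer certificate)'

# Usage: probe_pop3s pop.gmail.com 995 -tls1_2 | summarize_handshake
```

A `handshake_failed` status points at the protocol or cipher settings of the client, while `cert_not_verified` points at its trust store.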
Sjef Bosman, Groupware Consultant

Commented:
I stand corrected, better use other tools to verify the connection step by step.
Sjef Bosman, Groupware Consultant

Commented:
@poramboku: any progress?

Author

Commented:
notes 9.x doesn't support it, other product chosen
