none
Digital Certificates for Dummies

    Question

  • The other day my ISP decided to update one of its certificates, and my email came to a graunching halt.  I'm using W7HPx64 and Eudora 6.2 Paid Mode.  OK, OK, I know, but it's easy-to-use, ultra-reliable, and so on.  However.  I've told Eudora to use "Secure Sockets when ....">Required, STARTTLS; it has a button "Last SSL Info" which lets us look at certificates.

    So Eudora yelps that basically the server's SSL certificate was rejected because the Certificate Chain is not trusted.  Would I like to trust it for future use?  No, I don't (at least not yet) and click on "Last SSL Info">Certificate Information Manager>View details>Certification Path says this certificate is OK.

    Now I know as much about Certificates as most of you know about West Australian crayfish (aka: rock Lobster), very little.  So, do I want to simply cave in and say "YES!!!!! Trust it!!!!", or is there some better way?  I have looked at the certificates in the chain, RapidSSL CA and GeoTrust Global CA, but they carry about as much info as the Russian original of "War and Peace".

    Help?  Please?

    Gordon.

    Tuesday, August 06, 2013 11:50 AM

Answers

  • Once you're sure  the certificate presented is real and from your ISP  (in worst case by contacting the supplier (your ISP) and comparing the thumbprint) you can safely mark the certificate as trusted.

    For specifics on how to configure Eudora in your scenario, you better seek support at http://www.eudora.com/techsupport/


    MCP/MCSA/MCTS/MCITP


    • Edited by SenneVL Tuesday, August 06, 2013 12:45 PM
    • Marked as answer by gordon451 Tuesday, August 06, 2013 11:40 PM
    Tuesday, August 06, 2013 12:45 PM

All replies

  • Once you're sure  the certificate presented is real and from your ISP  (in worst case by contacting the supplier (your ISP) and comparing the thumbprint) you can safely mark the certificate as trusted.

    For specifics on how to configure Eudora in your scenario, you better seek support at http://www.eudora.com/techsupport/


    MCP/MCSA/MCTS/MCITP


    • Edited by SenneVL Tuesday, August 06, 2013 12:45 PM
    • Marked as answer by gordon451 Tuesday, August 06, 2013 11:40 PM
    Tuesday, August 06, 2013 12:45 PM
  • So there's no way it happens automagically?  Say by importing a current root certificate?  (Told you I know very little!)

    Thank you for the Eudora link.

    Gordon.

    Tuesday, August 06, 2013 1:12 PM
  • Hi,

    indeed, certificates use a "chain of trust". Trusting the signing CA (certificate authority) will trust all certificates it signs. So in fact trusting the root certificate will trust the certificate itself too.

    Note that in case of unvalidated CA, it might be a better idea to only trust the specific certificate.


    MCP/MCSA/MCTS/MCITP

    Wednesday, August 07, 2013 3:42 PM