Rejected SMTP SSL Certificate

rob192
Newbie

In February 2015 I began to experience a problem with a rejected SSL certificate (Baltimore CyberTrust Root) using my legacy unsupported e-mail client (Eudora 7.1.0.9) which prevented sending e-mail through smtp.verizon.net on this Windows 7 PC. This had been working fine for a long time and, yes, I have set the outgoing port to 465 per changes by Verizon long ago. I was concerned whether or not the rejected certificate should be trusted and did web searches, including on this forum, to see if I could get more information. There have been similar problems in past years, some of which were really related to changing the port number, but there didn’t seem to be anything recent. I contacted Verizon tech support and was told there have been no recent changes and that the problem is on the client side and it was beyond their scope to provide support for a legacy application. I then posted to another forum I belong to and learned that new apps use the Windows Trusted Root Certificate store which is updated through Windows Update but this doesn’t affect any dedicated certificate store for the email client app itself.

I discovered through Wikipedia that CyberTrust is a company owned by Verizon so that made me feel a bit more comfortable and I ended up trusting the certificate through Eudora and was again able to send e-mail through smtp.verizon.net.

But I’m wondering if anyone else who may be using a legacy email client (Eudora or something else) has had this experience as recently as February and whether you solved it as I did. This would give me some added comfort with having done so.

Many thanks for any input.

tns2
Community Leader

Be concerned, but not necessarily greatly. Even if you had no trust for CyberTrust, it's Verizon's certificate for SSL, and since you are connected to them there is no real risk.

Usual way to fix these certificates is to locate the root certificate, and if it's expired get the new root certificate from the authority. Occasionally you also have to do Intermediate certificates. A lot of consumer software relies on this being done by the OS it's on. And many of these do it automatically as part of their regular maintenance. Don't know much about Eudora, but it may be managing its own certificates, and since support no longer exists these root certificates may have expired.

Verizon_Support
Customer Service Rep

Hi rob19,

This is actually interesting. I haven't heard of something like this with Eudora but I must admit that we have a very small user base of customers that use it. It's not surprising though especially when you consider that all companies are really beefing up on security online these days.

If anyone else has experienced this, can you guys chime in also?

CJ

rob192
Newbie

I should have made note of the fact that the validity dates for the rejected certificate are from 2000 to 2025, so it hadn't expired.

Someone on the other forum I posted to suggested that the cert may have been reissued with a longer key.  This is really out of my area of expertise so I don't know how to check that.

Also that there would be a matching cert in the Windows Trusted Certificate store that would have been updated by Windows update but was not available to Eudora because it uses its own store so the rejected cert had to be trusted manually.

I just would have hoped there is some other Verizon.net user out there that still uses Eudora or another older mail client that would have experienced this at about the same time I did.

tns2
Community Leader

All the certificates in the chain from the one for the site you are using back to the root certificate must be valid including dates. Did the software identify a specific error or certificate? Actually the checks are normally only done until it finds one you have installed as trusted in your certificate (key) cache, which normally means the root certificates of the Trusted Certificate Authorities. And they must not be in CRL or ARL list (revoked).

rob192
Newbie

For the record, here is the error message generated by Eudora:

The server’s SSL certificate was rejected for the following reason:
Certficate Error:  Unknown and unprovided root certificate.
Do you want to trust the certificate in future sessions?

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 33554617 (0x20000b9)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
        Validity
            Not Before: May 12 18:46:00 2000 GMT
            Not After : May 12 23:59:00 2025 GMT
        Subject: C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (2048 bit)

This was followed by the Public Key (in Hex) and Yes/No buttons to trust the certificate.

After consultation with another forum, I clicked Yes and the e-mail was sent successfully.

There were no subsequent certificate errors and no further action was needed.

So what do CRL and ARL refer to and where are these lists found?

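A way to read the certificate dump quoted above, as an added example that is not part of the original thread: this Python sketch parses the posted fields and reproduces the "unknown root" outcome for a mail client whose private store lacks the root. The `trusted_subjects` set and the check dates are assumptions, and the subject-name match stands in for a real store lookup, which compares the certificate itself rather than its name.

```python
import re
from datetime import datetime, timezone

# Certificate dump as quoted in the post above (OpenSSL text format).
DUMP = """\
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 33554617 (0x20000b9)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
        Validity
            Not Before: May 12 18:46:00 2000 GMT
            Not After : May 12 23:59:00 2025 GMT
        Subject: C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (2048 bit)
"""

def parse_dump(text):
    """Extract issuer, subject, validity window and key size from the dump."""
    def field(label):
        m = re.search(rf"^\s*{label}\s*:\s*(.+?)\s*$", text, re.MULTILINE)
        if m is None:
            raise ValueError(f"missing field: {label}")
        return m.group(1)
    def when(label):
        stamp = datetime.strptime(field(label), "%b %d %H:%M:%S %Y GMT")
        return stamp.replace(tzinfo=timezone.utc)
    return {
        "issuer": field("Issuer"), "subject": field("Subject"),
        "sig_alg": field("Signature Algorithm"),
        "not_before": when("Not Before"), "not_after": when("Not After"),
        "key_bits": int(re.search(r"\((\d+) bit\)", text).group(1)),
    }

def assess(cert, trusted_subjects, now):
    """List problems with one certificate for a client with its own store."""
    # Assumption: names stand in for the fingerprint match a real store does.
    findings = []
    if not (cert["not_before"] <= now <= cert["not_after"]):
        findings.append("outside validity period")
    if cert["issuer"] == cert["subject"] and cert["subject"] not in trusted_subjects:
        findings.append("self-signed root not in this client's store")
    if cert["key_bits"] < 2048:
        findings.append("RSA key shorter than 2048 bits")
    return findings
```

An empty `trusted_subjects` models a client store that has never been given this root; the same certificate passes once its subject is in the set, which is the effect of the manual trust step described in the thread.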
tns2
Community Leader

Certificate Revocation List and Authority Revocation List.

There are lots of threads out there about Eudora using an old Cybertrust certificate. But if you are only using it for your Eudora it probably is not that important.

Other threads about it not having certain other authorities' root certificates when using other mail servers. Simple workaround is essentially to use Eudora's tool to find the bad or missing Root certificate and to Trust it. Since it doesn't affect other products it is safe IF you trust the mail server you are talking to. Also possible to find Cybertrust root certificate at its site (seems well hidden now that it's a Verizon service) and add it more directly, which I would recommend if doing to your OS or web browser.

rob192
Newbie

The relevant threads I have found go back over a year (2013).  Most complaints of this nature were related to incorrect port numbers, which is not my problem.  Perhaps any Eudora or other minority 3rd party client users that may have had this experience more recently simply trusted the certificate and moved on.  But I would feel better knowing that I wasn't the only one.

There was at least one reply to an old post which claimed that the problem was with Verizon's certificates but there was no further acknowledgement of that.

I'll check back here in the future but after this amount of time, I don't expect to see anything.

Thanks very much for the information provided above.

starrin
Contributor - Level 3

I'm now in the same boat, EXCEPT when I click yes as to whether I want to use the certificate for future sessions, it lets me in, but does not save the certificate.  I get the mail for that session only.

Any thoughts? I'm about to shift to Eudora OSE or Thunderbird.

Alan_Douglas
Newbie

Add me to the list as of two days ago.  I can still receive email but get a certificate error when sending it.  I can send via Outlook but that's not terribly convenient.  What has just changed?

VanessaS
Newbie

I had the same problem using Eudora 7.1.0.9 starting 2 days ago. No changes made except for a Windows update. I also run the free version of Avast. My error message referred to the Avast certificate being no good. I disabled scanning outgoing mail from Avast, but then got an error message same as referenced above. To further complicate matters, I have personalities set up in Eudora that allow me to send through Verizon, but receive through a different ISP.

I changed the Avast settings to again allow scanning of outgoing mail.  I then went to the properties of my sending personality, clicked on last SSL info and then on Certificate Information Manager.  At the top was a certificate generated by Avast with a "+" sign next to it.  Clicking on that, I continued to follow the list down to the bottom where there was a Verizon certificate with what looked like a little skull and crossbones next to it.  I highlighted that and told Eudora to accept it and all is currently well.  We will see if it lasts.

Alan_Douglas
Newbie

@VanessaS wrote:

  I then went to the properties of my sending personality, clicked on last SSL info and then on Certificate Information Manager. 


Hot dog!  The Certificate Manager worked, even though it took two tries, first for one from the Netherlands and then one from Irving, Texas.   Thanks.

flameout66
Newbie

I'm a total novice working with certifs and have the same problems as many others....using Eudora 6.2.5.6

Starting a few days ago, I couldn't send email...Today I cannot check mail. The certificate has expired, obviously.

It doesn't matter if I "add to trusted".

Can someone please tell me the next step, if there is one. I've never done anything with any certifs, ever...

Though, I've been using Eudora for nearly 20 years !

thanx much for any help

tintin237
Enthusiast - Level 1

I'm now in the same boat... my version of Eudora is showing the same certificate problem as yours, also from the Irving, TX location. I have tried the various solutions people have offered on the web forums, but without luck. I have right-clicked the dominant personality, opened Properties, selected Incoming Mail, and Last SSL. Every time, I have the same skull-and-crossbones on the last certificate in the list under Cybertrust (which is actually owned by Verizon), and no matter how many times I tell it to Add to Trusted, it doesn't.

Any other suggestions (other than using a different email client)? Is there a way outside of Eudora to import an updated, valid certificate?

Thanks for any advice you can offer. I'm going nuts here.

 UPDATE: Okay, I decided to have one more whack at it, and sure enough, I had to "crawl" from the top icon (a smiley face) all the way down to the bottom (the skull and crossbones), going through the same miserable steps at each level.

  1. right-click the Dominant Personality.
  2. click Properties.
  3. select the Incoming Mail tab.
  4. click Last SSL button.
  5. open the Certificate Manager.
  6. open the smiley face icon tree until you get to the skull and crossbones.
  7. select the top one (and when you repeat this list, select the next, and the next, and so on, until you get to the bottom).
  8. click Add to Trusted.
  9. Click Done (this closes the Certificate Manager).
  10. Close the Personality box.
  11. send a test mail (it will fail until all the nodes are trusted).
  12. repeat steps 1-11 until you finally add the skull and crossbones line to the Trusted list.

Your mileage may vary, but I was shocked when I could finally send/receive email again using Eudora.

kornides
Newbie

Having the same problem, could not send mail beginning 8/28, but could receive it.

Today, 8/31, could neither send nor receive... so came here.

Doing the steps as above has only restored incoming mail; still can't send, and all the certificates I can see are accepted (smiley faces instead of skull/crossbones).

Anything else to try? I'm loath to abandon Eudora b/c it works better than any of the alternatives and I have a >20 yr archive that I don't want to lose.

RadDadTX
Newbie

I am able to RX mail by trusting the new certificates in the Certificate Manager. These are associated with the pop.verizon.net certificate.

Sending mail is still broken as the SSL negotiation fails and the certificate will not update. This is associated with the smtp.verizon.net certificate.

I also tried renaming my Eudora usercerts.p7b file (manages SSL certificates) and building a new one with the same results. smtp.verizon.net will not update????

jpegman
Newbie

I came back from vacation 2 days ago and I get this message "Verizon Server SSL Certificate Rejection" which is the same as others report (fig 1). I've used Eudora with a Verizon personality since Windows 8 (when I joined the Verizon family from Comcast) with nary a problem. Nothing has changed on my PC since I came back from vacation (except a few Microsoft Win8.1 updates which got automatically installed when I booted the computer after my vacation).

When I go into properties for the Verizon personality, the Last SSL manager doesn't work since I never used SSL since the last opening (Fig 2)

Anyone have any suggestions about how to fix this problem or find a workaround?


Jpegman

flameout66
Newbie
  • When I go into properties for the Verizon personality, the Last SSL manager doesn't work since I never used SSL since the last opening

I got the same thing at first. But, all I had to do was try to check mail one time after opening Eudora. You should then get the rejected certificate error...and then you can view the certificate using the manager.

flameout66
Newbie
  • Doing the steps as above has only restored incoming mail; still can't send

Remember, there is a different certificate for sending and checking. I had to "add to trusted" the skull in "tools > options" for both "checking mail" and "sending mail".

flameout66
Newbie
  • I'm a total novice working with certifs and have the same problems as many others....using Eudora 6.2.5.6
  • Starting a few days ago, I couldn't send email...Today I cannot check mail. The certificate has expired, obviously.
  • It doesn't matter if I "add to trusted".
  • Can someone please tell me the next step, if there is one. I've never done anything with any certifs, ever...
  • Though, I've been using Eudora for nearly 20 years !
  • thanx much for any help

-------------------------------

I was actually able to import a certif from another Eudora I had that expired 2017. Then, simply clicking on the skull and "add to trusted" worked.

The backwards red "L" thru the skull in my pic above obviously means the certif was rejected AND has expired. If there is no backwards red "L" on the skull, then it looks like a normal rejection and "add to trusted" will work.

I guess my only question now is, what do I do in 2017.....How do you get updated certificates?
