Can not add any POP account: TLS handshake failed. Reason: net::ERR CERT AUTHORITY INVALID
-
Hello, So I downloaded the new Vivaldi, excited by the Mail component.
I tried to add 2 POP3 accounts, both are running and getting mail in Outlook, and I can login to the web interfaces (username/passwords are correct) I am an experienced user. Both accounts report the same error on two windows 10 machines, with clean Vivaldi installs 05-15-2023. Vivaldi 6.0.2979.18 OS Windows 10 Version 22H2 (Build 19045.2965).
Outlook is set for port pop3:995 and smtp:465 'server requires ssl/tls is checked.
One of those things that I can not believe that I am the only person to ever have this problem, but on two clean first time install machines?
Just tried a NetRunner linux box, same result... IMAP seems to work!! does Vivaldi Mail no-longer support POP3 accounts? I did disable all anti-virus, ad blockers, turned of the PiHole, etc...
Nothing weird, no local certificate stores, 7 layer proxies, just a simple computer trying to get email.Any ideas, comments?
Thanks! -
@jafvu
Hi, I have a outlook.de account, if I use automatic POP3 connection I get this:I don´t use this account, just for testing.
Cheers, mib
-
@jafvu The certificate for the server is probably not formatted according to the current standards for what should be in a certificate. A recent example here in the forums was a cert coded as they were in the mid-1990s.
Chromium's certificate verifier is VERY strict about those details.
This is something that the mail server admin have to fix.
-
@yngve Hello, thanks for the reply, still strange though, one account is cox.net and the other is privateemail.com, same results, but outlook is fine. I realize that Cox does not care about any of this and wants to get rid of personal email anyway, but still, that is odd. But IMAP works ok! I want POP because I do not want to use any storage on the servers.
Outlook configuration that is working.I did flush my local certificate cache
Going to probe around some more with openssl, and see I can see anything else.
Thanks -
@jafvu Hello, OK, so I won't be that guy who post something like this and then says 'oh, it is fixed, nevermind' and disappears.... As embarrassing as it is, here is the deal. I have a Sophos UTM 9.7 software firewall, that has POP3 proxy inline anti-virus. It does this with a man-in-the-middle type thing, that it gives the email client a cert and then the email server a cert and acts as a go-between. I obviously forgot about that, since the router issues the cert it is not validated... and you get this box
.
You can install the certificate (most of the time, some times it kicks out again) but then you forget about it of course
So I used "openssl s_client -connect your-email-server.com:465" and saw that the certificate info was local and invalid...
Vivaldi did not trip the windows Internet Security Warning, so I did not even think about it.
For testing I turned off POP3 Proxy in the Sophos and it is working correctly now. Will have to work on the cert setup for the firewall.
Thank you very much for your input!
-
@jafvu Hmmm, The cert I see when connecting with OpenSSL looks OK, and was issued by one of the Comodo CAs.
That makes me wonder if there is some kind of security software intercepting your email connections to POP3, and that the other email client is allowed to bypass the interception (possibly because it is "Outlook").
Such software tends to use self-signed certificates, which would likely trigger this error. If you have such software installed, there is probably a setting that can be configured to disable it for Vivaldi.