Pegasus Mail & Mercury

Welcome to the Community for Pegasus Mail and
The Mercury Mail Transport System, the Internet's longest-serving PC e-mail system!
Welcome to Pegasus Mail & Mercury Sign in | Join | Help
in
Home Blogs Forums Downloads Pegasus Mail Overview Mercury Overview Wiki

Do Mercury created certificates expire?

Last post 09-13-2017, 16:44 by Brian Fluet. 8 replies.
Sort Posts: Previous Next
  •  09-06-2017, 15:54

    • Brian Fluet is not online. Last active: 09-20-2017, 23:03 Brian Fluet
    • Top 10 Contributor
    • Joined on 12-24-2014
    • North Carolina, USA
    • SuperStar
    • Points 16,315

    Do Mercury created certificates expire?

    I have a coworker accessing mail via IMAP with a smartphone who has started received a message that the certificate has expired.  I have a certificate in place that was created with Mercury but didn't think they expired.  IMAP access using Pegasus Mail on my desktop PC works fine.  Anyone have any thoughts about what is going on?

     


    Brian Fluet
  •  09-06-2017, 16:36

    • Brian Fluet is not online. Last active: 09-20-2017, 23:03 Brian Fluet
    • Top 10 Contributor
    • Joined on 12-24-2014
    • North Carolina, USA
    • SuperStar
    • Points 16,315

    Re: Do Mercury created certificates expire?

    Follow-up...

    I have attempted creating a new certificate (twice) but the IMAP connection attempts still fail from the smartphone.  Two question:

    1.  Mercury.ini contains the server name (CN) as "domainname.com"  The phones connect to "imap.domainname.com".  Which should I use in the certificate?

    2.  In searching this forum I found a thread where someone had a problem with the certificate not loading.  How do I check that or troubleshoot this problem further?

    One user is accessing the server and a session log for one of those attempts contains an entry stating "no peer certificate presented" when connections are attempted. The other user is receiving a "server not responding" message.

    MercuryI configuration points to the correct file (imapcert.pem); Mercury has been restarted.

    I'm at a loss as to where to go from here.

     


    Brian Fluet
  •  09-06-2017, 23:22

    • Brian Fluet is not online. Last active: 09-20-2017, 23:03 Brian Fluet
    • Top 10 Contributor
    • Joined on 12-24-2014
    • North Carolina, USA
    • SuperStar
    • Points 16,315

    Re: Do Mercury created certificates expire?

    I got my hands on one of these users phones.  The new certificate is being recognized but is untrusted.  At least I now know that the problem is with the phone and not with Mercury.  I remained surprised by the expiration of the previous certificate though.  I can not find any documentation about built-in expiration. 

     


    Brian Fluet
  •  09-09-2017, 17:36

    • Rolf Lindby is not online. Last active: 2017-09-21, 1:07 Rolf Lindby
    • Top 10 Contributor
    • Joined on 05-08-2007
    • Stockholm, Sweden
    • SuperStar
    • Points 25,535
    • BetaTeam Moderator SystemAdministrator

    Re: Do Mercury created certificates expire?

    A certificate always has a validity period, even though the expiry date could be quite far in the future. I checked a .pem file I created a few years ago with Mercury:

            Validity

                Not Before: Jul 12 16:08:07 2013 GMT

                Not After : Jul 12 16:08:07 2015 GMT

    You can check the values in a certificate by running this command from a command window:

    openssl x509 -in mycert.pem -text -noout 

    (mycert.pem should be replaced with the real filename of course.) 

     

  •  09-10-2017, 2:19

    • Brian Fluet is not online. Last active: 09-20-2017, 23:03 Brian Fluet
    • Top 10 Contributor
    • Joined on 12-24-2014
    • North Carolina, USA
    • SuperStar
    • Points 16,315

    Re: Do Mercury created certificates expire?

    The 2 year expiration is consistent with what I experienced based on the date stamp of the expired certificate file. 

    It's astounding how difficult it is to get the new certificate trusted on iDevices.  While researching I found info about installing a root certificate on the iPhone but there was emphasis on the server in the certificate being the same as the same as the configured mail server but did not specify whether the IMAP, POP, or SMTP server.  This is contrary to the Mercury manual which says to use the server name configured in Core.  I was able to get one device working by deleting then recreating the mail account.  I haven't  gotten access to another device but plan to test the installation of a root certificate on the next one.

     


    Brian Fluet
  •  09-12-2017, 16:39

    • jbanks is not online. Last active: 09-19-2017, 7:13 jbanks
    • Top 75 Contributor
    • Joined on 06-09-2007
    • Prince Edward Island, Canada
    • Member
    • Points 1,170

    Re: Do Mercury created certificates expire?

    Not sure if this helps or not but on most phones there is an option under "Security type" that says "SSL (accept all certificates)" or  "TLS (accept all certificates)

     

    I just use the mercury generated certificate and have never had any type of problem getting the certificate to be trusted.

     

    Jim 

  •  09-12-2017, 17:03

    • Brian Fluet is not online. Last active: 09-20-2017, 23:03 Brian Fluet
    • Top 10 Contributor
    • Joined on 12-24-2014
    • North Carolina, USA
    • SuperStar
    • Points 16,315

    Re: Do Mercury created certificates expire?

    I wish the iPhones were that easy.  It's either SSL on or off.  They don't provide a way to replace and expired certificate.  I installed a root certificate on the 2nd users phone but it wasn't recognized by the email account. 

    It gets worse.  Each install of an email account creates a new smtp server but removal of an account does not remove the associated server.  The result is numerous smtp servers of the same name, none of which can be delete if any one of them is configured in an existing account.  The only way to clean them up is to delete the account first.  I've been really impressed with iPhones until now. 

    Note:  The problem seems to be associated with iOS 10.3. An iPad running an older OS was notified of the new certificate and was able to trust it without issue.

     


    Brian Fluet
  •  09-13-2017, 16:28

    Re: Do Mercury created certificates expire?

    I'm using LetsEncrypt certificates for SMTP, IMAP and POP3 with Mercury. No problems with any Windows- or Linux browser and Android > 4.0.

  •  09-13-2017, 16:44

    • Brian Fluet is not online. Last active: 09-20-2017, 23:03 Brian Fluet
    • Top 10 Contributor
    • Joined on 12-24-2014
    • North Carolina, USA
    • SuperStar
    • Points 16,315

    Re: Do Mercury created certificates expire?

    After working through the problem it became apparent that the problem isn't with the certificate but with iOS 10.3 and it's inability to replace an expired certificate with a new one.

     


    Brian Fluet
View as RSS news feed in XML

Contact | Advertise | Host provider: PraktIT | Terms of Use | Privacy Statement
Copyright © 2007-2011 David Harris / Peter Strömblad. | Pegasus Mail Home Page