mail.com conflicting SSL certificates

Discussion in 'Help Desk' started by frugalphone, Jul 14, 2014.

  1. frugalphone

    frugalphone New Email

    Joined:
    Jul 14, 2014
    Messages:
    1
    Likes Received:
    0
    I logged into mail.com 2July with SSL, no indication of any login problem.

    A couple days ago, tried login again and got SSL certificate errors, there was no certificate chain at all for *.mail.com. Error

    "Safari can't verify the identity of the website "login.mail.com"
    The certificate for this website was signed by an unknown certification

    Trying to find what to load, I see conflicting root certificates referenced by Thawte vs GlobalSign

    Thawte says (who issued certs) root serial number is
    3365500879ad73e230b9e01d0d7fac91


    GlobalSign certificate checker says root should be

    34 4E D5 57 20 D5 ED EC 49 F4 2F CE 37 DB 2B 6D


    My Safari browser comes up with the same Thawte Root certificate as GlobalSign, and NOT the one listed by Thawte!



    Thawte certificate checker
    https://ssltools.thawte.com/checker/views/certCheck.jsp

    Globalsign certificate checker
    https://sslcheck.globalsign.com/en_US/sslcheck?host=www.mail.com#74.208.122.31-cert-ssl


    To try to resolve, I've just downloaded the Thawte root certificates into my Keychain Access from here, so now all the certificates show as valid, but I am still getting the error Safari can't verify identity of website:
    https://www.thawte.com/roots/index.html


    To try to see what happens, I did continue with the email login, despite SSL certificate warning. And every page came up with the same warning.

    ?? Any ideas why getting different Thawte root certs based on the SSL checker used?

    ?? Any ideas how I can update or synch my Keychain Access certs, so I can use mail.com again? I've spent about 3-4 days on this so far , any advice is much appreciated!


    UPDATE: I just noticed Thawte checker shows the chain as two Intermediate certificates, with NO root certificate. The cert name is "thawte Primary Root Certificate" (yes, with lower case 't') but shows as Intermediate cert, not as Root cert.

    GlobalSign chain looks like a full Root cert
     


    Last edited: Jul 14, 2014

Want to reply or ask your own question?

It only takes a minute to sign up (and it's free!). Click the orange sign up button to choose a username and then you can ask your own questions on the forum.
Loading...