mail.com conflicting SSL certificates

frugalphone

New Email
I logged into mail.com 2July with SSL, no indication of any login problem.

A couple days ago, tried login again and got SSL certificate errors, there was no certificate chain at all for *.mail.com. Error

"Safari can't verify the identity of the website "login.mail.com"
The certificate for this website was signed by an unknown certification

Trying to find what to load, I see conflicting root certificates referenced by Thawte vs GlobalSign

Thawte says (who issued certs) root serial number is
3365500879ad73e230b9e01d0d7fac91


GlobalSign certificate checker says root should be

34 4E D5 57 20 D5 ED EC 49 F4 2F CE 37 DB 2B 6D


My Safari browser comes up with the same Thawte Root certificate as GlobalSign, and NOT the one listed by Thawte!



Thawte certificate checker
https://ssltools.thawte.com/checker/views/certCheck.jsp

Globalsign certificate checker
https://sslcheck.globalsign.com/en_US/sslcheck?host=www.mail.com#74.208.122.31-cert-ssl


To try to resolve, I've just downloaded the Thawte root certificates into my Keychain Access from here, so now all the certificates show as valid, but I am still getting the error Safari can't verify identity of website:
https://www.thawte.com/roots/index.html


To try to see what happens, I did continue with the email login, despite SSL certificate warning. And every page came up with the same warning.

?? Any ideas why getting different Thawte root certs based on the SSL checker used?

?? Any ideas how I can update or synch my Keychain Access certs, so I can use mail.com again? I've spent about 3-4 days on this so far , any advice is much appreciated!


UPDATE: I just noticed Thawte checker shows the chain as two Intermediate certificates, with NO root certificate. The cert name is "thawte Primary Root Certificate" (yes, with lower case 't') but shows as Intermediate cert, not as Root cert.

GlobalSign chain looks like a full Root cert
 
Last edited:
Top