Peer's Certificate issuer is not recognized.

Trying to connect securely to news.eternal-september.org on port 563, I 
get an Alert box with the text "Peer's Certificate issuer is not 
recognized."  There aren't any override options in the Alert, only an 
"OK" button.

The Error Console says:

   news.eternal-september.org:563 uses an invalid security certificate.
   The certificate is not trusted because no issuer chain was provided.
   (Error code: sec_error_unknown_issuer)

How can I override, to accept the cert?
0
ISO
1/17/2014 9:15:05 PM
📁 mozilla.support.thunderbird
📃 22506 articles.
⭐ 5 followers.

💬 10 Replies
👁️‍🗨️ 22118 Views

On 01/17/2014 10:15 PM, »Q« wrote:
> Trying to connect securely to news.eternal-september.org on port 563, I
> get an Alert box with the text "Peer's Certificate issuer is not
> recognized."  There aren't any override options in the Alert, only an
> "OK" button.
> 
> The Error Console says:
> 
>   news.eternal-september.org:563 uses an invalid security certificate.
>   The certificate is not trusted because no issuer chain was provided.
>   (Error code: sec_error_unknown_issuer)
> 
> How can I override, to accept the cert?

Works fine here.
The file cert8.db in your profile folder may have become corrupted. Try
to delete this file while Thunderbird is closed. Make sure to backup any
personal certificates you want to keep before deleting the file.

-- 
Christian
0
Christian
1/17/2014 9:44:07 PM
On 2014-01-17 15:44, Christian Riechers wrote:
> On 01/17/2014 10:15 PM, »Q« wrote:
>> Trying to connect securely to news.eternal-september.org on port 563, I
>> get an Alert box with the text "Peer's Certificate issuer is not
>> recognized."  There aren't any override options in the Alert, only an
>> "OK" button.
>>
>> The Error Console says:
>>
>>    news.eternal-september.org:563 uses an invalid security certificate.
>>    The certificate is not trusted because no issuer chain was provided.
>>    (Error code: sec_error_unknown_issuer)
>>
>> How can I override, to accept the cert?
>
> Works fine here.
> The file cert8.db in your profile folder may have become corrupted. Try
> to delete this file while Thunderbird is closed. Make sure to backup any
> personal certificates you want to keep before deleting the file.

Unfortunately, that didn't help -- I get the same results.

0
UTF
1/17/2014 10:22:54 PM
On 1/17/2014 4:15 PM, �Q� wrote:
> Trying to connect securely to news.eternal-september.org on port 563, I
> get an Alert box with the text "Peer's Certificate issuer is not
> recognized."  There aren't any override options in the Alert, only an
> "OK" button.
>
> The Error Console says:
>
>    news.eternal-september.org:563 uses an invalid security certificate.
>    The certificate is not trusted because no issuer chain was provided.
>    (Error code: sec_error_unknown_issuer)
>
> How can I override, to accept the cert?

Is it necessary to use port 563?  Try port 119.
Dave Pyles
0
Dave
1/17/2014 11:10:27 PM
On 2014-01-17 17:10, Dave Pyles wrote:
> On 1/17/2014 4:15 PM, �Q� wrote:
>> Trying to connect securely to news.eternal-september.org on port 563, I
>> get an Alert box with the text "Peer's Certificate issuer is not
>> recognized."  There aren't any override options in the Alert, only an
>> "OK" button.
>>
>> The Error Console says:
>>
>>    news.eternal-september.org:563 uses an invalid security certificate.
>>    The certificate is not trusted because no issuer chain was provided.
>>    (Error code: sec_error_unknown_issuer)
>>
>> How can I override, to accept the cert?
>
> Is it necessary to use port 563?  Try port 119.

With port 119, snews can't be used.

0
ISO
1/18/2014 12:34:46 AM
=C2=BBQ=C2=AB decreed, Read These Runes!:
> On 2014-01-17 17:10, Dave Pyles wrote:
>> On 1/17/2014 4:15 PM, =C2=BBQ=C2=AB wrote:
>>> Trying to connect securely to news.eternal-september.org on port 563,=
 I
>>> get an Alert box with the text "Peer's Certificate issuer is not
>>> recognized."  There aren't any override options in the Alert, only an=

>>> "OK" button.
>>>
>>> The Error Console says:
>>>
>>>    news.eternal-september.org:563 uses an invalid security certificat=
e.
>>>    The certificate is not trusted because no issuer chain was provide=
d.
>>>    (Error code: sec_error_unknown_issuer)
>>>
>>> How can I override, to accept the cert?
>>
>> Is it necessary to use port 563?  Try port 119.
>=20
> With port 119, snews can't be used.

Have you tried using openssl, something like:

$ openssl s_client -showcerts -connect \
news.eternal-september.org:563 </dev/null

--=20
Boy, life takes a long time to live.
		-- Steven Wright

0
RM
1/18/2014 4:13:40 AM
On 1/17/2014 8:13 PM, RM wrote:
> �Q� decreed, Read These Runes!:
>> On 2014-01-17 17:10, Dave Pyles wrote:
>>> On 1/17/2014 4:15 PM, �Q� wrote:
>>>> Trying to connect securely to news.eternal-september.org on port 563, I
>>>> get an Alert box with the text "Peer's Certificate issuer is not
>>>> recognized."  There aren't any override options in the Alert, only an
>>>> "OK" button.
>>>>
>>>> The Error Console says:
>>>>
>>>>    news.eternal-september.org:563 uses an invalid security certificate.
>>>>    The certificate is not trusted because no issuer chain was provided.
>>>>    (Error code: sec_error_unknown_issuer)
>>>>
>>>> How can I override, to accept the cert?
>>>
>>> Is it necessary to use port 563?  Try port 119.
>>
>> With port 119, snews can't be used.
> 
> Have you tried using openssl, something like:
> 
> $ openssl s_client -showcerts -connect \
> news.eternal-september.org:563 </dev/null
> 

The original post in this thread was from a Windows user, not a UNIX or
Linux user.

-- 

David E. Ross
<http://www.rossde.com/>

On occasion, I filter and ignore all newsgroup messages
posted through GoogleGroups via Google's G2/1.0 user agent
because of spam, flames, and trolling from that source.
0
David
1/18/2014 5:05:41 PM
On 01/17/2014 11:22 PM, »Q« wrote:
> On 2014-01-17 15:44, Christian Riechers wrote:
>> On 01/17/2014 10:15 PM, »Q« wrote:
>>> Trying to connect securely to news.eternal-september.org on port 563, I
>>> get an Alert box with the text "Peer's Certificate issuer is not
>>> recognized."  There aren't any override options in the Alert, only an
>>> "OK" button.
>>>
>>> The Error Console says:
>>>
>>>    news.eternal-september.org:563 uses an invalid security certificate.
>>>    The certificate is not trusted because no issuer chain was provided.
>>>    (Error code: sec_error_unknown_issuer)
>>>
>>> How can I override, to accept the cert?
>>
>> Works fine here.
>> The file cert8.db in your profile folder may have become corrupted. Try
>> to delete this file while Thunderbird is closed. Make sure to backup any
>> personal certificates you want to keep before deleting the file.
> 
> Unfortunately, that didn't help -- I get the same results.

The openssl command suggested by another poster returns:

Certificate chain
 0
s:/description=z8x2a0S5FjpJGCa7/C=DE/CN=news.eternal-september.org/emailAddress=<email
address skipped>
   i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate
Signing/CN=StartCom Class 1 Primary Intermediate Server CA

Make sure you do have the issuer cert from StartCom in your Thunderbird
certificate store.

-- 
Christian

0
Christian
1/18/2014 6:31:22 PM
David E. Ross decreed, Read These Runes!:
> On 1/17/2014 8:13 PM, RM wrote:
>> =C2=BBQ=C2=AB decreed, Read These Runes!:
>>> On 2014-01-17 17:10, Dave Pyles wrote:
>>>> On 1/17/2014 4:15 PM, =C2=BBQ=C2=AB wrote:
>>>>> Trying to connect securely to news.eternal-september.org on port 56=
3, I
>>>>> get an Alert box with the text "Peer's Certificate issuer is not
>>>>> recognized."  There aren't any override options in the Alert, only =
an
>>>>> "OK" button.
>>>>>
>>>>> The Error Console says:
>>>>>
>>>>>    news.eternal-september.org:563 uses an invalid security certific=
ate.
>>>>>    The certificate is not trusted because no issuer chain was provi=
ded.
>>>>>    (Error code: sec_error_unknown_issuer)
>>>>>
>>>>> How can I override, to accept the cert?
>>>>
>>>> Is it necessary to use port 563?  Try port 119.
>>>
>>> With port 119, snews can't be used.
>>=20
>> Have you tried using openssl, something like:
>>=20
>> $ openssl s_client -showcerts -connect \
>> news.eternal-september.org:563 </dev/null
>>=20
>=20
> The original post in this thread was from a Windows user, not a UNIX or=

> Linux user.

I'm fairly sure he has access to a linux box.

--=20
Cold, adj.:
	When the local flashers are handing out written descriptions.

0
RM
1/18/2014 9:17:10 PM
On 2014-01-17 14:15, �Q� wrote:
> The Error Console says:
> 
>   news.eternal-september.org:563 uses an invalid security certificate.
>   The certificate is not trusted because no issuer chain was provided.
>   (Error code: sec_error_unknown_issuer)
> 

Is it possible your antivirus is acting as a proxy and intercepting
requests?

0
Michael
1/18/2014 10:23:28 PM
In <news:VcmdnRQSrornVUfPnZ2dnUVZ_hadnZ2d@mozilla.org>,
Christian Riechers <chriechers@netscape.net.invalid> wrote:

> On 01/17/2014 11:22 PM, »Q« wrote:
> > On 2014-01-17 15:44, Christian Riechers wrote:
> >> On 01/17/2014 10:15 PM, »Q« wrote:
> >>> Trying to connect securely to news.eternal-september.org on port
> >>> 563, I get an Alert box with the text "Peer's Certificate issuer
> >>> is not recognized."  There aren't any override options in the
> >>> Alert, only an "OK" button.
> >>>
> >>> The Error Console says:
> >>>
> >>>    news.eternal-september.org:563 uses an invalid security
> >>> certificate. The certificate is not trusted because no issuer
> >>> chain was provided. (Error code: sec_error_unknown_issuer)
> >>>
> >>> How can I override, to accept the cert?
> >>
> >> Works fine here.
> >> The file cert8.db in your profile folder may have become
> >> corrupted. Try to delete this file while Thunderbird is closed.
> >> Make sure to backup any personal certificates you want to keep
> >> before deleting the file.
> > 
> > Unfortunately, that didn't help -- I get the same results.
> 
> The openssl command suggested by another poster returns:
> 
> Certificate chain
>  0
> s:/description=z8x2a0S5FjpJGCa7/C=DE/CN=news.eternal-september.org/emailAddress=<email
> address skipped>
>    i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate
> Signing/CN=StartCom Class 1 Primary Intermediate Server CA
> 
> Make sure you do have the issuer cert from StartCom in your
> Thunderbird certificate store.

Sorry to have abandoned this thread.  I didn't mean to;  I just forgot
about it as I was in the midst of other issues at the time.  Thanks to
all who tried to help.

I don't need it solved now;  I "solved" it by using a client that
prompts the user to accept or reject the cert.
-1
UTF
2/17/2014 8:17:25 PM
Reply:

Similar Posts: