So you have decided to use SSL with POP3 to get your email from your Hostpapa-hosted site. The cPanel control panel gives you instructions on how to tell Outlook how to do this, and it is left as an exercise for the reader.
Once everything is configured and you actually connect to the POP3 box, Windows/Outlook gives you an error message telling you:
“The server you are connected to is using a security certificate that could not be verified. A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider. Do you want to continue using this server?”
So what is really happening? SSL certificates are weird things – the way I understand them is that when you buy a certificate from a Certification Authority like Verisign, the certificate that you get points to a root certificate from Verisign. That Verisign root certificate (and other root certificates from other certification authorities) is installed by default by Microsoft. When your computer makes a connection via SSL to the server, it can and does check the server’s certificate. Following the chain of certificates to the root, it finds the Verisign Root certificate. Since this certificate matches the root certificate already installed, everything is good.
Why are we getting that self-signed certificate error, then? What happened is that it is possible for people to generate a certificate that is self-signed, meaning it does not link to a trusted Certification Authority. In this case, the root certificate does not match anything on the system, and a warning message is displayed. Hostpapa must have just used self-signed certificates, making things harder for the users.
I have found two different methods to get the certificate, either using OpenSSL or using Firefox 3. I’m sure there are others, but both of these methods work.
Method #1 to get the Certificate: Using OpenSSL
Download OpenSSL for Windows and install it:
Open a command line prompt (start->run->cmd)
At the command prompt (c:\>) type:
cd \program files\gnuwin32\bin
Then type in the following commands:
openssl s_client -connect hp12.hostpapa.com:995 > file.txt
[replace hp12.hostpapa.com with the server name showing in cPanel]
Ctrl+C (to exit the program)
openssl x509 -in file.txt -outform DER -out hostpapa.der
This starts the certificate import wizard.
Click Install Certificate
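The certificate saved in file.txt arrives over the same connection it will later be trusted to authenticate, so before importing it a practitioner would compare its fingerprint with one obtained from the host by a separate route. The following Python code is an added example, not part of the original post: it extracts the certificate from s_client output the way openssl x509 does and checks its SHA-256 fingerprint against a pinned value. The function names and the sample data are assumptions constructed for illustration.

```python
import base64
import hashlib
import hmac
import re
import ssl

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.DOTALL)

def leaf_certificate_der(s_client_output: str) -> bytes:
    """Return the first certificate in `openssl s_client` output as DER bytes."""
    match = PEM_BLOCK.search(s_client_output)
    if match is None:
        raise ValueError("no certificate block found in s_client output")
    return ssl.PEM_cert_to_DER_cert(match.group(0))

def sha256_fingerprint(der: bytes) -> str:
    """Colon-separated upper-case SHA-256 fingerprint of the DER bytes."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def _hex_only(text: str) -> str:
    return re.sub(r"[^0-9A-F]", "", text.upper())

def matches_pin(der: bytes, expected: str) -> bool:
    """Compare with a fingerprint obtained out of band. Case, colons and
    spaces are ignored; the comparison itself is constant-time."""
    return hmac.compare_digest(_hex_only(sha256_fingerprint(der)),
                               _hex_only(expected))

# Constructed sample: placeholder bytes standing in for a DER certificate,
# wrapped the way s_client prints it. This is not a real certificate.
SAMPLE_DER = b"constructed placeholder, not a real certificate" * 4
SAMPLE_OUTPUT = (
    "CONNECTED(00000003)\n---\nCertificate chain\n---\nServer certificate\n"
    "-----BEGIN CERTIFICATE-----\n"
    + base64.encodebytes(SAMPLE_DER).decode("ascii")
    + "-----END CERTIFICATE-----\n---\n+OK POP3 ready\n"
)

if __name__ == "__main__":
    der = leaf_certificate_der(SAMPLE_OUTPUT)
    pin = sha256_fingerprint(SAMPLE_DER)  # stands in for the out-of-band value
    print(sha256_fingerprint(der))
    print("fingerprint matches" if matches_pin(der, pin) else "mismatch: do not import")
```

To run it on a real capture, pass the text of file.txt to leaf_certificate_der and supply the fingerprint you were given in place of the constructed pin.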
Method #2 for getting the SSL Certificate, using only Firefox
You will need the Firefox 3 web browser installed for this to work. Note the number of dialogs and clicks required to get you where you want. You will feel like a criminal doing this but it is perfectly legitimate and safe.
- Open your Firefox browser, type about:config in the URL box and press Enter.
- On the next screen you will get a warning message; click the “I will be careful, I promise!” button.
- On the next screen, search for “network.security.ports.banned.override”.
- If this string is not there, right-click anywhere in the Firefox text window, click New and then select String.
- You will get a box that says “Enter the preference name”; in its text box enter the name “network.security.ports.banned.override” and press OK.
- On the next screen you have to give the string value. This string value is the port number you want to allow.
- If you want to allow all ports, give 0-65535. If you want to allow specific ports, give them as comma-separated values, for example 101, 102, 103. Choose only 995 for HostPapa, because POP3 SSL runs on this port.
Start Firefox and enter the following URL: https://hp12.hostpapa.com:995
Click “Or you can add an exception”
Click Add an exception
Click Get Certificate
Click View, select the Details tab
Choose x.509 Certificate, click save, and close all the Firefox dialogs
Double Click the hp12.hostpapa.der certificate, and choose to install the certificate. Method #1 shows the dialogs on Windows Vista that show up when importing the certificate.
Note that you are importing the certificate only for the current user. If you want to import for all users on the machine, you must use the MMC:
File->Add /Remove SnapIn -> Locate Certmgr.msc in c:\windows\system32
Indicate Local machine
Open ConsoleRoot->Certificates(LocalComputer)->Trusted Root Certification Authorities->Certificates
Right-click on Certificates->All Tasks->Import
Follow the wizard to import the saved certificate