Home » Computers - General » Configuring Hostpapa POP3 email with SSL using Outlook – Fixing SSL “self-signed certificate” errors

Configuring Hostpapa POP3 email with SSL using Outlook – Fixing SSL “self-signed certificate” errors

So you have decided to use SSL with POP3 to get your email from your Hostpapa- hosted site. The cPanel control panel gives you instructions on how to tell Outlook how to do this, and it is left as an exercise for the reader.

Once everything is configured and you actually connect to the POP3 box, Windows/Outlook gives you an error message telling you:

“The server you are connected to is using a security certificate that could not be verified. A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider. Do you want to continue using this server?”

So what is really happening? SSL certificates are weird things – the way I understand them is that when you buy a certificate from a Certification Authority like Verisign, the certificate that you get points to a root certificate from Verisign. That Verisign root certificate (and other root certificates from other certification authorities is installed by default by Microsoft. When your computer makes a connection via SSL to the server, it can and does check the server’s certificate. Following the chain of certificates to the root, it finds the Verisign Root certificate. Since this certificate matches the root certificate already installed, everything is good.

Why are we getting that self-signed certificate error, then? What happened is that it is possible for people to generate a certificate that is self-signed, meaning it does not link to a trusted Certification Authority. In this case, the root certificate does not match anything on the system, and a warning message is displayed. Hostpapa must have just used self-signed certificates, making things harder for the users.

I have found two different methods to get the certificate, either using OpenSSL or using Firefox 3. I’m sure there are others, but both of these methods work.

Method#1 to get the Certificate: Using OpenSSL

Download OpenSSL for Windows and install it:

Open a command line prompt (start->run->cmd)

At the command prompt (c:\>) type:

cd \program files\gnuwin32\bin

Then type in the following commands:

openssl s_client -connect hp12.hostpapa.com:995 > file.txt

[replace hp12.hostpapa.com with the server name showing in cPanel]

Ctrl+C (to exit the program)

openssl x509 -in file.txt -outform DER -out hostpapa.der

start hostpapa.der

This starts the certificate import wizard.

Click Install Certificate

Click Next

Click Next

Method #2 for getting the SSL Certificate, using only Firefox

You will need the Firefox 3 web browser installed for this to work. Note the number of dialogs and clicks required to get you where you want. You will feel like a criminal doing this but it is perfectly legitimate and safe.

  1. Open your Firefox browser, in url box type about:config and press enter.
  2. In next screen you will get a warning message click on “I will be careful, I promise!” button.
  3. In next screen search for “network.security.ports.banned.override”.
  4. If this string is not there write click anywhere in the firefox text window and click on new and then select string.
  5. You will get a box says ” Enter the preference name” in its text box give the name “network.security.ports.banned.override” and press ok.
  6. In next screen you have to give the string value. This string value is port number of your port.
  7. If you want to allow all port then please give 0-65535. It will allow all the port. If you want to give some specific port then you can give those specific port using comma separated value example 101, 102, 103 etc. Choose only 995 for HostPapa, because POP3 SSL runs on this port
  8. Start Firefox and enter the following URL: https://hp12.hostpapa.com:995

Click “Or you can add an exception”

Click Add an exception

Click Get Certificate

Click View, select the Details tab

Click Export

Choose x.509 Certificate, click save, and close all the Firefox dialogs

Double Click the hp12.hostpapa.der certificate, and choose to install the certificate. Method #1 shows the dialogs on Windows Vista that show up when importing the certificate.

Note that you are importing the certificate only for the current user. If you want to import for all users on the machine, you must use the MMC


File->Add /Remove SnapIn -> Locate Certmgr.msc in c:\windows\system32

Indicate Local machine

Open ConsoleRoot->Certificates(LocalComputer)->Trusted Root Certification Authorities->Certificates

Right-click on Certificates->All Tasks->Import

Follow the wizard to import the saved certificate

One thought on “Configuring Hostpapa POP3 email with SSL using Outlook – Fixing SSL “self-signed certificate” errors

  1. Great blog, very useful, been struggling with this issue for weeks with IMAP the process is the same, only the port numbers are diffrent.

    Probably worth adding that also for IMAP you need to repeat the process for the outgoing port if you have that encrypted with ssl as well.

    Again, thank you very much.

Leave a Reply

Your email address will not be published. Required fields are marked *