Internet Forums

Reply
Posted Feb 10, 2013
5:45:42 PM
View profile
Recently getting SSL Certificate error for inbound.att.net - bad signature

The topic says it - starting a few weeks ago, every attempt to fetch pop3 mail gets me a popup with the following error:

-----

SSL Certificate check for inbound.att.net:

 

Issuer:            CN=VeriSign Class 3 Secure Server CA - G3,OU=Terms of use at https://www.verisign.com/rpa (c)10,OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
Subject:           CN=inbound.att.net,OU=att.net Mail,O="AT&T Services, Inc.",L=Southfield,ST=Michigan,C=US
Fingerprint:       3e:13:32:42:87:cb:12:f7:2b:84:bd:a7:56:27:3c:8c
Signature:         BAD

Do you wish to accept?

-----

I am retrieving mail just fine from a different email account on a different PC with similar settings (although with different email app).
  In this case, I am using Evolution under Ubuntu Linux.  Everything was working fine until a few weeks ago.  I know I could just accept the certificate, but I would really love to understand what the problem actually is before I sweep it under the rug.

 

Thanks for any suggestions, preferably not pointing out I'm using "unsupported" software....

The topic says it - starting a few weeks ago, every attempt to fetch pop3 mail gets me a popup with the following error:

-----

SSL Certificate check for inbound.att.net:

 

Issuer:            CN=VeriSign Class 3 Secure Server CA - G3,OU=Terms of use at https://www.verisign.com/rpa (c)10,OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
Subject:           CN=inbound.att.net,OU=att.net Mail,O="AT&T Services, Inc.",L=Southfield,ST=Michigan,C=US
Fingerprint:       3e:13:32:42:87:cb:12:f7:2b:84:bd:a7:56:27:3c:8c
Signature:         BAD

Do you wish to accept?

-----

I am retrieving mail just fine from a different email account on a different PC with similar settings (although with different email app).
  In this case, I am using Evolution under Ubuntu Linux.  Everything was working fine until a few weeks ago.  I know I could just accept the certificate, but I would really love to understand what the problem actually is before I sweep it under the rug.

 

Thanks for any suggestions, preferably not pointing out I'm using "unsupported" software....

Recently getting SSL Certificate error for inbound.att.net - bad signature

2,200 views
7 replies
(0) Me too
(0) Me too
Post reply
Cancel
Submit
Replies
(7)
0
(0)
  • Rate this reply
View profile
Feb 11, 2013 8:52:07 AM
0
(0)
Community Specialist

ostroffjh,

 

     I have included a few links that will hopefully be of help.

 

I'm having trouble with POP mail but it used to work

 

Email server settings (POP and SMTP)

 

 

     If your still having trouble please feel free to send a private message to one of our ATTCustomer care specialists by using the following link. Please include your name, email address, phone number and the best time to be contacted. An ATT representative will reach out to you within 48 hours.

 

Private Message

 

James

Did a post have a solution that worked for you? Help other people find solutions faster by marking posts that helped you as an "Accepted Solution". Learn about accepted solutions here.

I am an AT&T employee and the postings on this site are my own and don’t necessarily represent AT&T’s position, strategies or opinions.

ostroffjh,

 

     I have included a few links that will hopefully be of help.

 

I'm having trouble with POP mail but it used to work

 

Email server settings (POP and SMTP)

 

 

     If your still having trouble please feel free to send a private message to one of our ATTCustomer care specialists by using the following link. Please include your name, email address, phone number and the best time to be contacted. An ATT representative will reach out to you within 48 hours.

 

Private Message

 

James

Did a post have a solution that worked for you? Help other people find solutions faster by marking posts that helped you as an "Accepted Solution". Learn about accepted solutions here.

I am an AT&T employee and the postings on this site are my own and don’t necessarily represent AT&T’s position, strategies or opinions.

Re: Recently getting SSL Certificate error for inbound.att.net - bad signature

2 of 8 (2,166 Views)
0
(0)
  • Rate this reply
View profile
Feb 11, 2013 3:27:34 PM
0
(0)
Contributor

James,

 

Thanks for the response, but netither of the links you provided were helpful.  I have not changed password recently, and the problem is collecting my sbcglobal.net email via pop, not using att/yahoo to collect other email.

 

However, based on a bunch more searching, I am becoming more convinced that although AT&T/Yahoo might have made some recent change, the reason I am getting the error is likely due to a problem with the way Evolution is handling the SSL Certificates, and not with the certificate itself.  I'll pursue that path a bit further before I use your link for sending a private message.  One way or another, I'll post a follow-up when I have more information.

 

Jack

James,

 

Thanks for the response, but netither of the links you provided were helpful.  I have not changed password recently, and the problem is collecting my sbcglobal.net email via pop, not using att/yahoo to collect other email.

 

However, based on a bunch more searching, I am becoming more convinced that although AT&T/Yahoo might have made some recent change, the reason I am getting the error is likely due to a problem with the way Evolution is handling the SSL Certificates, and not with the certificate itself.  I'll pursue that path a bit further before I use your link for sending a private message.  One way or another, I'll post a follow-up when I have more information.

 

Jack

Re: Recently getting SSL Certificate error for inbound.att.net - bad signature

3 of 8 (2,157 Views)
0
(0)
  • Rate this reply
View profile
Feb 14, 2013 9:50:50 AM
0
(0)
Community Specialist

ostroffjh,

 

     Yes a follow up post would be great, not only for myself but for many others that might encounter an issue like this as well.

 

 

James

 

Did a post have a solution that worked for you? Help other people find solutions faster by marking posts that helped you as an "Accepted Solution". Learn about accepted solutions here.

I am an AT&T employee and the postings on this site are my own and don’t necessarily represent AT&T’s position, strategies or opinions.

ostroffjh,

 

     Yes a follow up post would be great, not only for myself but for many others that might encounter an issue like this as well.

 

 

James

 

Did a post have a solution that worked for you? Help other people find solutions faster by marking posts that helped you as an "Accepted Solution". Learn about accepted solutions here.

I am an AT&T employee and the postings on this site are my own and don’t necessarily represent AT&T’s position, strategies or opinions.

Re: Recently getting SSL Certificate error for inbound.att.net - bad signature

4 of 8 (2,125 Views)
0
(0)
  • Rate this reply
View profile
Oct 25, 2013 5:30:56 AM
0
(0)
Contributor

Here we are 8 months later and I'm now having the same issue. Specifically, I've been using pop.att.yahoo.com for inbound on my Samsung Galaxy S (Verizon) cell. About a week or two ago I stopped getting my messages to the cell, although they are picked up by Outlook on the desktop. When I try changing it to inbound.att.net it says "cannot safely connect to server. org.bouncycastle.jce.exception . Could not validate certificate."  ATT says SENDING  is a "known issue" but my problem is receiving. Seems like it's been going on for quite a while...

 

Any ideas? Does ATT know about this? ( I just sent them a private note...)

 

Ed

Here we are 8 months later and I'm now having the same issue. Specifically, I've been using pop.att.yahoo.com for inbound on my Samsung Galaxy S (Verizon) cell. About a week or two ago I stopped getting my messages to the cell, although they are picked up by Outlook on the desktop. When I try changing it to inbound.att.net it says "cannot safely connect to server. org.bouncycastle.jce.exception . Could not validate certificate."  ATT says SENDING  is a "known issue" but my problem is receiving. Seems like it's been going on for quite a while...

 

Any ideas? Does ATT know about this? ( I just sent them a private note...)

 

Ed

Re: Recently getting SSL Certificate error for inbound.att.net - bad signature

5 of 8 (1,593 Views)
0
(0)
  • Rate this reply
View profile
Oct 25, 2013 5:49:07 AM
0
(0)
Contributor
Seems I'm not able to send either....
Seems I'm not able to send either....

Re: Recently getting SSL Certificate error for inbound.att.net - bad signature

6 of 8 (1,590 Views)
0
(0)
  • Rate this reply
View profile
Mar 22, 2015 10:48:36 PM
0
(0)
Contributor

Same thing began happening to me on just one of the ATT_yahoo email accounts I use, all three in the same email client.  The other two (SBCglobal, also in ATT) connect fine as usual, but the att.net account with the server INBOUND.ATT.NET suddenly stopped checking mail, won't pass the SSL handshake and connect.  It gives a message that the CERTIFICATE is bad; "name on the destination host does not match the name on the certificate."  (Shows a big text box of info on that cert with a YES or NO choice as to trust it.)

 

Knowing that Superfish was recently found in some namebrand tablet PCs, and that it contains the Komodia redirector crapware to pass SSL connections through untrusted parties, I don't choose to trust that cert.  After finding no actual answer on this forum I tried callling ATT support again for a simple YES or NO as to whether the CERT INFO shown is correct for their named server (name not shown on cert), or not to trust it.  Seems like a simple yes/no answer for ATT to reply as to a valid cert, but ...  no dice unless I buy paid support contract on pretext that my Eudora client (which works FINE otherwise) is the problem because it raised a flag. 

 

I'll have to stifle any comments about the webmail interface and the interface on this forum which has lost/dumped my previous comments.  You can guess what I think, and all of us need to guess whether our SSL email connections are being monitored by (?) third parties or not.

Same thing began happening to me on just one of the ATT_yahoo email accounts I use, all three in the same email client.  The other two (SBCglobal, also in ATT) connect fine as usual, but the att.net account with the server INBOUND.ATT.NET suddenly stopped checking mail, won't pass the SSL handshake and connect.  It gives a message that the CERTIFICATE is bad; "name on the destination host does not match the name on the certificate."  (Shows a big text box of info on that cert with a YES or NO choice as to trust it.)

 

Knowing that Superfish was recently found in some namebrand tablet PCs, and that it contains the Komodia redirector crapware to pass SSL connections through untrusted parties, I don't choose to trust that cert.  After finding no actual answer on this forum I tried callling ATT support again for a simple YES or NO as to whether the CERT INFO shown is correct for their named server (name not shown on cert), or not to trust it.  Seems like a simple yes/no answer for ATT to reply as to a valid cert, but ...  no dice unless I buy paid support contract on pretext that my Eudora client (which works FINE otherwise) is the problem because it raised a flag. 

 

I'll have to stifle any comments about the webmail interface and the interface on this forum which has lost/dumped my previous comments.  You can guess what I think, and all of us need to guess whether our SSL email connections are being monitored by (?) third parties or not.

Re: Recently getting SSL Certificate error for inbound.att.net - bad signature

7 of 8 (84 Views)
0
(0)
  • Rate this reply
View profile
Mar 23, 2015 10:24:47 AM
0
(0)
Scholar

Not a clue if this helps any, but my understanding is, certificates do expire over time, and have to be renewed to keep them valad.

Could be, someone in  thier it simply dropped the ball, and forgot to send the check, or for whatever reason, the certificate was altered.

 

The bit of the NSA and other third parties snooping is a discussion for another venue.

Not a clue if this helps any, but my understanding is, certificates do expire over time, and have to be renewed to keep them valad.

Could be, someone in  thier it simply dropped the ball, and forgot to send the check, or for whatever reason, the certificate was altered.

 

The bit of the NSA and other third parties snooping is a discussion for another venue.

Re: Recently getting SSL Certificate error for inbound.att.net - bad signature

8 of 8 (70 Views)
Share this post
Share this post