Reply
Posted Feb 10, 2013
5:45:42 PM
View profile
Recently getting SSL Certificate error for inbound.att.net - bad signature

The topic says it - starting a few weeks ago, every attempt to fetch pop3 mail gets me a popup with the following error:

-----

SSL Certificate check for inbound.att.net:

 

Issuer:            CN=VeriSign Class 3 Secure Server CA - G3,OU=Terms of use at https://www.verisign.com/rpa (c)10,OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
Subject:           CN=inbound.att.net,OU=att.net Mail,O="AT&T Services, Inc.",L=Southfield,ST=Michigan,C=US
Fingerprint:       3e:13:32:42:87:cb:12:f7:2b:84:bd:a7:56:27:3c:8c
Signature:         BAD

Do you wish to accept?

-----

I am retrieving mail just fine from a different email account on a different PC with similar settings (although with different email app).
  In this case, I am using Evolution under Ubuntu Linux.  Everything was working fine until a few weeks ago.  I know I could just accept the certificate, but I would really love to understand what the problem actually is before I sweep it under the rug.

 

Thanks for any suggestions, preferably not pointing out I'm using "unsupported" software....

The topic says it - starting a few weeks ago, every attempt to fetch pop3 mail gets me a popup with the following error:

-----

SSL Certificate check for inbound.att.net:

 

Issuer:            CN=VeriSign Class 3 Secure Server CA - G3,OU=Terms of use at https://www.verisign.com/rpa (c)10,OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
Subject:           CN=inbound.att.net,OU=att.net Mail,O="AT&T Services, Inc.",L=Southfield,ST=Michigan,C=US
Fingerprint:       3e:13:32:42:87:cb:12:f7:2b:84:bd:a7:56:27:3c:8c
Signature:         BAD

Do you wish to accept?

-----

I am retrieving mail just fine from a different email account on a different PC with similar settings (although with different email app).
  In this case, I am using Evolution under Ubuntu Linux.  Everything was working fine until a few weeks ago.  I know I could just accept the certificate, but I would really love to understand what the problem actually is before I sweep it under the rug.

 

Thanks for any suggestions, preferably not pointing out I'm using "unsupported" software....

Recently getting SSL Certificate error for inbound.att.net - bad signature

2,536 views
9 replies
(0) Me too
(0) Me too
Post reply
Cancel
Submit
View all replies
(9)
0
(0)
  • Rate this reply
View profile
Feb 11, 2013 8:52:07 AM
0
(0)
Community Specialist

ostroffjh,

 

     I have included a few links that will hopefully be of help.

 

I'm having trouble with POP mail but it used to work

 

Email server settings (POP and SMTP)

 

 

     If your still having trouble please feel free to send a private message to one of our ATTCustomer care specialists by using the following link. Please include your name, email address, phone number and the best time to be contacted. An ATT representative will reach out to you within 48 hours.

 

Private Message

 

James

Did a post have a solution that worked for you? Help other people find solutions faster by marking posts that helped you as an "Accepted Solution". Learn about accepted solutions here.

I am an AT&T employee and the postings on this site are my own and don’t necessarily represent AT&T’s position, strategies or opinions.

ostroffjh,

 

     I have included a few links that will hopefully be of help.

 

I'm having trouble with POP mail but it used to work

 

Email server settings (POP and SMTP)

 

 

     If your still having trouble please feel free to send a private message to one of our ATTCustomer care specialists by using the following link. Please include your name, email address, phone number and the best time to be contacted. An ATT representative will reach out to you within 48 hours.

 

Private Message

 

James

Did a post have a solution that worked for you? Help other people find solutions faster by marking posts that helped you as an "Accepted Solution". Learn about accepted solutions here.

I am an AT&T employee and the postings on this site are my own and don’t necessarily represent AT&T’s position, strategies or opinions.

Re: Recently getting SSL Certificate error for inbound.att.net - bad signature

2 of 10 (2,502 Views)
0
(0)
  • Rate this reply
View profile
Feb 11, 2013 3:27:34 PM
0
(0)
Contributor

James,

 

Thanks for the response, but netither of the links you provided were helpful.  I have not changed password recently, and the problem is collecting my sbcglobal.net email via pop, not using att/yahoo to collect other email.

 

However, based on a bunch more searching, I am becoming more convinced that although AT&T/Yahoo might have made some recent change, the reason I am getting the error is likely due to a problem with the way Evolution is handling the SSL Certificates, and not with the certificate itself.  I'll pursue that path a bit further before I use your link for sending a private message.  One way or another, I'll post a follow-up when I have more information.

 

Jack

James,

 

Thanks for the response, but netither of the links you provided were helpful.  I have not changed password recently, and the problem is collecting my sbcglobal.net email via pop, not using att/yahoo to collect other email.

 

However, based on a bunch more searching, I am becoming more convinced that although AT&T/Yahoo might have made some recent change, the reason I am getting the error is likely due to a problem with the way Evolution is handling the SSL Certificates, and not with the certificate itself.  I'll pursue that path a bit further before I use your link for sending a private message.  One way or another, I'll post a follow-up when I have more information.

 

Jack

Re: Recently getting SSL Certificate error for inbound.att.net - bad signature

3 of 10 (2,493 Views)
0
(0)
  • Rate this reply
View profile
Feb 14, 2013 9:50:50 AM
0
(0)
Community Specialist

ostroffjh,

 

     Yes a follow up post would be great, not only for myself but for many others that might encounter an issue like this as well.

 

 

James

 

Did a post have a solution that worked for you? Help other people find solutions faster by marking posts that helped you as an "Accepted Solution". Learn about accepted solutions here.

I am an AT&T employee and the postings on this site are my own and don’t necessarily represent AT&T’s position, strategies or opinions.

ostroffjh,

 

     Yes a follow up post would be great, not only for myself but for many others that might encounter an issue like this as well.

 

 

James

 

Did a post have a solution that worked for you? Help other people find solutions faster by marking posts that helped you as an "Accepted Solution". Learn about accepted solutions here.

I am an AT&T employee and the postings on this site are my own and don’t necessarily represent AT&T’s position, strategies or opinions.

Re: Recently getting SSL Certificate error for inbound.att.net - bad signature

4 of 10 (2,461 Views)
0
(0)
  • Rate this reply
View profile
Oct 25, 2013 5:30:56 AM
0
(0)
Contributor

Here we are 8 months later and I'm now having the same issue. Specifically, I've been using pop.att.yahoo.com for inbound on my Samsung Galaxy S (Verizon) cell. About a week or two ago I stopped getting my messages to the cell, although they are picked up by Outlook on the desktop. When I try changing it to inbound.att.net it says "cannot safely connect to server. org.bouncycastle.jce.exception . Could not validate certificate."  ATT says SENDING  is a "known issue" but my problem is receiving. Seems like it's been going on for quite a while...

 

Any ideas? Does ATT know about this? ( I just sent them a private note...)

 

Ed

Here we are 8 months later and I'm now having the same issue. Specifically, I've been using pop.att.yahoo.com for inbound on my Samsung Galaxy S (Verizon) cell. About a week or two ago I stopped getting my messages to the cell, although they are picked up by Outlook on the desktop. When I try changing it to inbound.att.net it says "cannot safely connect to server. org.bouncycastle.jce.exception . Could not validate certificate."  ATT says SENDING  is a "known issue" but my problem is receiving. Seems like it's been going on for quite a while...

 

Any ideas? Does ATT know about this? ( I just sent them a private note...)

 

Ed

Re: Recently getting SSL Certificate error for inbound.att.net - bad signature

5 of 10 (1,929 Views)
0
(0)
  • Rate this reply
View profile
Oct 25, 2013 5:49:07 AM
0
(0)
Contributor
Seems I'm not able to send either....
Seems I'm not able to send either....

Re: Recently getting SSL Certificate error for inbound.att.net - bad signature

6 of 10 (1,926 Views)
0
(0)
  • Rate this reply
View profile
Mar 22, 2015 10:48:36 PM
0
(0)
Contributor

Same thing began happening to me on just one of the ATT_yahoo email accounts I use, all three in the same email client.  The other two (SBCglobal, also in ATT) connect fine as usual, but the att.net account with the server INBOUND.ATT.NET suddenly stopped checking mail, won't pass the SSL handshake and connect.  It gives a message that the CERTIFICATE is bad; "name on the destination host does not match the name on the certificate."  (Shows a big text box of info on that cert with a YES or NO choice as to trust it.)

 

Knowing that Superfish was recently found in some namebrand tablet PCs, and that it contains the Komodia redirector crapware to pass SSL connections through untrusted parties, I don't choose to trust that cert.  After finding no actual answer on this forum I tried callling ATT support again for a simple YES or NO as to whether the CERT INFO shown is correct for their named server (name not shown on cert), or not to trust it.  Seems like a simple yes/no answer for ATT to reply as to a valid cert, but ...  no dice unless I buy paid support contract on pretext that my Eudora client (which works FINE otherwise) is the problem because it raised a flag. 

 

I'll have to stifle any comments about the webmail interface and the interface on this forum which has lost/dumped my previous comments.  You can guess what I think, and all of us need to guess whether our SSL email connections are being monitored by (?) third parties or not.

Same thing began happening to me on just one of the ATT_yahoo email accounts I use, all three in the same email client.  The other two (SBCglobal, also in ATT) connect fine as usual, but the att.net account with the server INBOUND.ATT.NET suddenly stopped checking mail, won't pass the SSL handshake and connect.  It gives a message that the CERTIFICATE is bad; "name on the destination host does not match the name on the certificate."  (Shows a big text box of info on that cert with a YES or NO choice as to trust it.)

 

Knowing that Superfish was recently found in some namebrand tablet PCs, and that it contains the Komodia redirector crapware to pass SSL connections through untrusted parties, I don't choose to trust that cert.  After finding no actual answer on this forum I tried callling ATT support again for a simple YES or NO as to whether the CERT INFO shown is correct for their named server (name not shown on cert), or not to trust it.  Seems like a simple yes/no answer for ATT to reply as to a valid cert, but ...  no dice unless I buy paid support contract on pretext that my Eudora client (which works FINE otherwise) is the problem because it raised a flag. 

 

I'll have to stifle any comments about the webmail interface and the interface on this forum which has lost/dumped my previous comments.  You can guess what I think, and all of us need to guess whether our SSL email connections are being monitored by (?) third parties or not.

Re: Recently getting SSL Certificate error for inbound.att.net - bad signature

7 of 10 (420 Views)
0
(0)
  • Rate this reply
View profile
Mar 23, 2015 10:24:47 AM
0
(0)
Scholar

Not a clue if this helps any, but my understanding is, certificates do expire over time, and have to be renewed to keep them valad.

Could be, someone in  thier it simply dropped the ball, and forgot to send the check, or for whatever reason, the certificate was altered.

 

The bit of the NSA and other third parties snooping is a discussion for another venue.

Not a clue if this helps any, but my understanding is, certificates do expire over time, and have to be renewed to keep them valad.

Could be, someone in  thier it simply dropped the ball, and forgot to send the check, or for whatever reason, the certificate was altered.

 

The bit of the NSA and other third parties snooping is a discussion for another venue.

Re: Recently getting SSL Certificate error for inbound.att.net - bad signature

8 of 10 (406 Views)
0
(0)
  • Rate this reply
View profile
May 18, 2015 4:54:30 PM
0
(0)
Tutor

Same problem once again... 

 

Server inbound.att.net certificate Verisign Class 3 Secure Server CA - G3 valid period 4/23/14 to 4/25/15. Now getting Internet Security Warnings in Outlook 2010 due to the expired certificate. 

 

Tried to report it through UVerse Support Chat, but was told by Adolf to "take it to Microsoft"... couldn't even get them to refer it to Tier 2 were it would eventually be addressed. They told me they provide NO support for any email clients - I should use the Web Mail! Unbelievable!!!

 

Same problem once again... 

 

Server inbound.att.net certificate Verisign Class 3 Secure Server CA - G3 valid period 4/23/14 to 4/25/15. Now getting Internet Security Warnings in Outlook 2010 due to the expired certificate. 

 

Tried to report it through UVerse Support Chat, but was told by Adolf to "take it to Microsoft"... couldn't even get them to refer it to Tier 2 were it would eventually be addressed. They told me they provide NO support for any email clients - I should use the Web Mail! Unbelievable!!!

 

Re: Recently getting SSL Certificate error for inbound.att.net - bad signature

9 of 10 (96 Views)
0
(0)
  • Rate this reply
View profile
May 18, 2015 8:13:43 PM
0
(0)
Contributor
You wrote:

>Server inbound.att.net certificate Verisign
>Class 3 Secure Server CA - G3 valid period
>4/23/14 to 4/25/15. Now getting Internet
>Security Warnings in Outlook 2010 due to the expired certificate.?
>
>?

Yes, I had the same disgusting problem for 2
months, and ISP's support was basically clueless
other than telling me the [same] name settings to
reach the mailserver --but problem was server
certificate altho I don't think it was
expired. (The CA name &type above rings a bell).

Finally, I found a recent post on a blog that
showed how to fix it, to people who have stuck
with Eudora 7 email client (we are a fiercely
loyal bunch!). However I haven't attempted the
same approach yet in my wife's Outlook client-- I
don't know the right Outlook menu/clicks. In
either case I think it is the same in principle:
need to drill down until you find the valid cert
that the PC doesn't trust, then add that cert
type to the recognized "certificate store" so
that the PC will trust it. Maybe my terminology is a bit misapplied, but....

To see good instructions for the process as it
works in Eudora, see this blog page (assuming the
link survives the moderators):
http://blog.timeoff.org/rick/2015/01/07/eudora-and-ssl-certificate-failures/comment-page-1/#comment-...

Hope it helps, and that you can find how to apply
it in Outlook. Incidentally, the cert I finally
added to fix inbound.att, was listed as: US,
Symantec Corporation, Symantec TrustNetwork,
Symantec Class 3 Secure Server CA - G3 [It needs more than just the name.]

In this situation, Symantec seems good enough to
trust, --unlike Hong Kong Post Office.
--D

You wrote:

>Server inbound.att.net certificate Verisign
>Class 3 Secure Server CA - G3 valid period
>4/23/14 to 4/25/15. Now getting Internet
>Security Warnings in Outlook 2010 due to the expired certificate.?
>
>?

Yes, I had the same disgusting problem for 2
months, and ISP's support was basically clueless
other than telling me the [same] name settings to
reach the mailserver --but problem was server
certificate altho I don't think it was
expired. (The CA name &type above rings a bell).

Finally, I found a recent post on a blog that
showed how to fix it, to people who have stuck
with Eudora 7 email client (we are a fiercely
loyal bunch!). However I haven't attempted the
same approach yet in my wife's Outlook client-- I
don't know the right Outlook menu/clicks. In
either case I think it is the same in principle:
need to drill down until you find the valid cert
that the PC doesn't trust, then add that cert
type to the recognized "certificate store" so
that the PC will trust it. Maybe my terminology is a bit misapplied, but....

To see good instructions for the process as it
works in Eudora, see this blog page (assuming the
link survives the moderators):
http://blog.timeoff.org/rick/2015/01/07/eudora-and-ssl-certificate-failures/comment-page-1/#comment-52120

Hope it helps, and that you can find how to apply
it in Outlook. Incidentally, the cert I finally
added to fix inbound.att, was listed as: US,
Symantec Corporation, Symantec TrustNetwork,
Symantec Class 3 Secure Server CA - G3 [It needs more than just the name.]

In this situation, Symantec seems good enough to
trust, --unlike Hong Kong Post Office.
--D

Re: Recently getting SSL Certificate error for inbound.att.net - bad signature

10 of 10 (80 Views)
Share this post
Share this post