Peer's Certificate issuer is not recognized.

[»Q«]

Trying to connect securely to news.eternal-september.org on port 563, I
get an Alert box with the text "Peer's Certificate issuer is not
recognized." There aren't any override options in the Alert, only an
"OK" button.

The Error Console says:

news.eternal-september.org:563 uses an invalid security certificate.
The certificate is not trusted because no issuer chain was provided.
(Error code: sec_error_unknown_issuer)

How can I override, to accept the cert?

[Christian Riechers]

Works fine here.
The file cert8.db in your profile folder may have become corrupted. Try
to delete this file while Thunderbird is closed. Make sure to backup any
personal certificates you want to keep before deleting the file.

--
Christian

[»Q«]

Unfortunately, that didn't help -- I get the same results.

[Dave Pyles]

Is it necessary to use port 563? Try port 119.
Dave Pyles

[»Q«]

With port 119, snews can't be used.

[RM]

»Q« decreed, Read These Runes!:

Have you tried using openssl, something like:

$ openssl s_client -showcerts -connect \
news.eternal-september.org:563 </dev/null

--
Boy, life takes a long time to live.
-- Steven Wright

[David E. Ross]

On 1/17/2014 8:13 PM, RM wrote:
> �Q� decreed, Read These Runes!:

The original post in this thread was from a Windows user, not a UNIX or
Linux user.

--

David E. Ross
<http://www.rossde.com/>

On occasion, I filter and ignore all newsgroup messages
posted through GoogleGroups via Google's G2/1.0 user agent
because of spam, flames, and trolling from that source.

[Christian Riechers]

The openssl command suggested by another poster returns:

Certificate chain
0
s:/description=z8x2a0S5FjpJGCa7/C=DE/CN=news.eternal-september.org/emailAddress=<email
address skipped>
i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate
Signing/CN=StartCom Class 1 Primary Intermediate Server CA

Make sure you do have the issuer cert from StartCom in your Thunderbird
certificate store.

--
Christian

[RM]

David E. Ross decreed, Read These Runes!:

> On 1/17/2014 8:13 PM, RM wrote:
>> »Q« decreed, Read These Runes!:
>>> On 2014-01-17 17:10, Dave Pyles wrote:
>>>> On 1/17/2014 4:15 PM, »Q« wrote:
>>>>> Trying to connect securely to news.eternal-september.org on port 563, I
>>>>> get an Alert box with the text "Peer's Certificate issuer is not
>>>>> recognized." There aren't any override options in the Alert, only an
>>>>> "OK" button.
>>>>>
>>>>> The Error Console says:
>>>>>
>>>>> news.eternal-september.org:563 uses an invalid security certificate.
>>>>> The certificate is not trusted because no issuer chain was provided.
>>>>> (Error code: sec_error_unknown_issuer)
>>>>>
>>>>> How can I override, to accept the cert?
>>>>
>>>> Is it necessary to use port 563? Try port 119.
>>>
>>> With port 119, snews can't be used.
>>
>> Have you tried using openssl, something like:
>>
>> $ openssl s_client -showcerts -connect \
>> news.eternal-september.org:563 </dev/null
>>
>
> The original post in this thread was from a Windows user, not a UNIX or
> Linux user.

I'm fairly sure he has access to a linux box.

--
Cold, adj.:
When the local flashers are handing out written descriptions.

[Michael Petch]

On 2014-01-17 14:15, �Q� wrote:
> The Error Console says:
>
> news.eternal-september.org:563 uses an invalid security certificate.
> The certificate is not trusted because no issuer chain was provided.
> (Error code: sec_error_unknown_issuer)
>

Is it possible your antivirus is acting as a proxy and intercepting
requests?

[»Q«]

In <news:VcmdnRQSrornVUfP...@mozilla.org>,

Sorry to have abandoned this thread. I didn't mean to; I just forgot
about it as I was in the midst of other issues at the time. Thanks to
all who tried to help.

I don't need it solved now; I "solved" it by using a client that
prompts the user to accept or reject the cert.