Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Peer's Certificate issuer is not recognized.

2,153 views
Skip to first unread message

»Q«

unread,
Jan 17, 2014, 4:15:05 PM1/17/14
to
Trying to connect securely to news.eternal-september.org on port 563, I
get an Alert box with the text "Peer's Certificate issuer is not
recognized." There aren't any override options in the Alert, only an
"OK" button.

The Error Console says:

news.eternal-september.org:563 uses an invalid security certificate.
The certificate is not trusted because no issuer chain was provided.
(Error code: sec_error_unknown_issuer)

How can I override, to accept the cert?

Christian Riechers

unread,
Jan 17, 2014, 4:44:07 PM1/17/14
to
Works fine here.
The file cert8.db in your profile folder may have become corrupted. Try
to delete this file while Thunderbird is closed. Make sure to backup any
personal certificates you want to keep before deleting the file.

--
Christian

»Q«

unread,
Jan 17, 2014, 5:22:54 PM1/17/14
to
Unfortunately, that didn't help -- I get the same results.

Dave Pyles

unread,
Jan 17, 2014, 6:10:27 PM1/17/14
to
Is it necessary to use port 563? Try port 119.
Dave Pyles

»Q«

unread,
Jan 17, 2014, 7:34:46 PM1/17/14
to
With port 119, snews can't be used.

RM

unread,
Jan 17, 2014, 11:13:40 PM1/17/14
to
»Q« decreed, Read These Runes!:
Have you tried using openssl, something like:

$ openssl s_client -showcerts -connect \
news.eternal-september.org:563 </dev/null

--
Boy, life takes a long time to live.
-- Steven Wright

David E. Ross

unread,
Jan 18, 2014, 12:05:41 PM1/18/14
to
On 1/17/2014 8:13 PM, RM wrote:
> �Q� decreed, Read These Runes!:
The original post in this thread was from a Windows user, not a UNIX or
Linux user.

--

David E. Ross
<http://www.rossde.com/>

On occasion, I filter and ignore all newsgroup messages
posted through GoogleGroups via Google's G2/1.0 user agent
because of spam, flames, and trolling from that source.

Christian Riechers

unread,
Jan 18, 2014, 1:31:22 PM1/18/14
to
The openssl command suggested by another poster returns:

Certificate chain
0
s:/description=z8x2a0S5FjpJGCa7/C=DE/CN=news.eternal-september.org/emailAddress=<email
address skipped>
i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate
Signing/CN=StartCom Class 1 Primary Intermediate Server CA

Make sure you do have the issuer cert from StartCom in your Thunderbird
certificate store.

--
Christian

RM

unread,
Jan 18, 2014, 4:17:10 PM1/18/14
to
David E. Ross decreed, Read These Runes!:
> On 1/17/2014 8:13 PM, RM wrote:
>> »Q« decreed, Read These Runes!:
>>> On 2014-01-17 17:10, Dave Pyles wrote:
>>>> On 1/17/2014 4:15 PM, »Q« wrote:
>>>>> Trying to connect securely to news.eternal-september.org on port 563, I
>>>>> get an Alert box with the text "Peer's Certificate issuer is not
>>>>> recognized." There aren't any override options in the Alert, only an
>>>>> "OK" button.
>>>>>
>>>>> The Error Console says:
>>>>>
>>>>> news.eternal-september.org:563 uses an invalid security certificate.
>>>>> The certificate is not trusted because no issuer chain was provided.
>>>>> (Error code: sec_error_unknown_issuer)
>>>>>
>>>>> How can I override, to accept the cert?
>>>>
>>>> Is it necessary to use port 563? Try port 119.
>>>
>>> With port 119, snews can't be used.
>>
>> Have you tried using openssl, something like:
>>
>> $ openssl s_client -showcerts -connect \
>> news.eternal-september.org:563 </dev/null
>>
>
> The original post in this thread was from a Windows user, not a UNIX or
> Linux user.

I'm fairly sure he has access to a linux box.

--
Cold, adj.:
When the local flashers are handing out written descriptions.

Michael Petch

unread,
Jan 18, 2014, 5:23:28 PM1/18/14
to
On 2014-01-17 14:15, �Q� wrote:
> The Error Console says:
>
> news.eternal-september.org:563 uses an invalid security certificate.
> The certificate is not trusted because no issuer chain was provided.
> (Error code: sec_error_unknown_issuer)
>

Is it possible your antivirus is acting as a proxy and intercepting
requests?

»Q«

unread,
Feb 17, 2014, 3:17:25 PM2/17/14
to
In <news:VcmdnRQSrornVUfP...@mozilla.org>,
Sorry to have abandoned this thread. I didn't mean to; I just forgot
about it as I was in the midst of other issues at the time. Thanks to
all who tried to help.

I don't need it solved now; I "solved" it by using a client that
prompts the user to accept or reject the cert.
0 new messages