~sircmpwn/aerc2#475: 
X509 cert signed by unknown authority

Hello, I'm trying to configure aerc to use the MS Exchange server mail. I suppose that my employer use a self-signed certificate and I have the following error: X509 cert signed by unknown authority How I can configure aerc in such case?

-- Best regards, Andrey

Status
RESOLVED NOT_OUR_BUG
Submitter
Спицын Андрей
Assigned to
No-one
Submitted
3 years ago
Updated
3 years ago
Labels
No labels applied.

~labrat 3 years ago

add the cert to your CA store of the OS

~einhander 3 years ago

The problem is that I don't have CA certificate to put it in the OS storage.

~labrat REPORTED NOT_OUR_BUG 3 years ago

talk to your admin

~einhander 3 years ago

Outlook, mutt, gmail and number of other software including web-browsers works with this setup. But aerc not. P.S. admin think that it's ok to use self-signed certificate without CA.

~labrat 3 years ago

Other applications do whatever they want, sure.

If you aren't validating the cert, why use one at all? Any attacker can simply man in the middle it and you'd be none the wiser.

If you do want to use a cert and validate it there's two options:

  1. properly add the CA to the cert store
  2. certificate fingerprint pinning

2 is #329

~einhander 3 years ago

Thank you.

~turminal 3 years ago

Outlook, mutt, gmail and number of other software including web-browsers works with this setup. But aerc not. P.S. admin think that it's ok to use self-signed certificate without CA.

I had a similar problem with the email address set up by the university where I study. Other clients worked fine for me too. I thought it's because the server is using a self signed certificate as well but it turned out the server used a certificate from a CA but expected everyone to utilize the TLS AIA extension to fetch intermediate certificates on the fly. Aerc doesn't do that because the tls implementation in the go stdlib (imho rightfully) doesn't support that extension. Other clients worked because they used a different TLS stack. Might be useful checking if that's what's wrong in your case as well.

Of course aerc can do nothing about all that, just pointing this out here for the issue author and perhaps others in the future.

Register here or Log in to comment, or comment via email.