FogBugz Technical Support

A forum for technical support discussion related to Fogbugz.
The current FogBugz Knowledge Base can be found at http://help.fogcreek.com/fogbugz.

Posts by Fog Creek Employees are marked:

Documentation
Release Notes
Network Status

The remote certificate is invalid according to the validation...

FogBugz 7 has stopped fetching mail from our Exchange server. The Fog Creek Maintenance Service warning message is:

"The remote certificate is invalid according to the validation procedure"

Mail fetching was working before the weekend, now it isn't. There are enough people with access to the systems that something could have changed, but we don't keep a change-log. Where are some of the first places I should look to get to the bottom of this?

Other details: POP3 port is 995
Chris Wenham Send private email
Tuesday, September 8, 2009
 
 
My suspicion is that the certificate expired...  Can you check that?
Michael H. Pryor Send private email
Tuesday, September 8, 2009
 
 
Which certificate, the one for the client or the server? Also, do you know how?
Chris Wenham Send private email
Tuesday, September 8, 2009
 
 
(For a moment I was blind to "remote" in the error message, telling me which certificate it was, duh.)

The Exchange server's SSL certificate doesn't expire until 2013.
Chris Wenham Send private email
Tuesday, September 8, 2009
 
 
We have seen some funny stuff when code on one platform does and SSL connection and decides it doesn't like the cert on the other platform.

We have a similar issue now because we have an api on an IIS server, that has a godaddy ssl cert. A piece of java code on linux throws a weird error because it does not like/trust the ssl CA in some way.

It is a total nightmare to chase (since the java code is the big boy's code, and they are never wrong...).

Anyway, it might be something of that flavor... just a thought.
Sam Jones
Wednesday, September 9, 2009
 
 
Sam's issue is likely a different issue.

This error means that the server you are denoting in your mailbox settings doesn't match up with the value denoted in the server's certificate.

This happened with people using Google Apps.  The server at smtp.gmail.com would gladly accept a connection on port 995 but would give a certificate for pop.gmail.com.  This mismatch caused the certificate error.

If you're on a recent version of FogBugz 7, I'm pretty sure we tell you what the certificate being issued is, and you can match that up to the server name you're accessing.
Rich Armstrong Send private email
Wednesday, September 9, 2009
 
 
The warning message didn't give any details about the certificate. Where could I find that?
Chris Wenham Send private email
Wednesday, September 9, 2009
 
 
Are you on 7.0.30?
Rich Armstrong Send private email
Wednesday, September 9, 2009
 
 
I am now, I just upgraded. The problem was manifesting under 7.0.23
Chris Wenham Send private email
Wednesday, September 9, 2009
 
 
After upgrading I went to add the mail account again in FogBugz, and it gave me a more detailed description of the certificate:

Error: The remote certificate is invalid according to the validation procedure.

Server Address: mail.fragrancenet.local

Certificate Issued To: CN=mail.fragrancenet.local, OU=Terms of use at www.verisign.com/rpa (c)05, OU=Fragrancenet.local, O=FragranceNet.com, L=Hauppauge, S=New York, C=US
Certificate Issuer: CN=VeriSign Class 3 Secure Server CA, OU=Terms of use at https://www.verisign.com/rpa (c)05, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Certificate Expiration: 9/4/2009 7:59:59 PM


 Now the expiration date it's reporting can't be right, because we went and checked the POP3 Virtual Server Properties in Exchange and the certificate had been renewed and installed. In IIS it says the cert expires on 9/3/2012 and is for mail.fragrancenet.local.
 I'd attach a screenshot here if it was possible.
Chris Wenham Send private email
Wednesday, September 9, 2009
 
 
We can pick up the conversation on customer-service@fogcreek.com.  Send the screen shot there and we'll contact you.
Rich Armstrong Send private email
Wednesday, September 9, 2009
 
 

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics
 
Powered by FogBugz Bug Tracking and Evidence-Based Scheduling.