Gmail SSL problem

  • 1
  • Announcement
  • Updated 5 years ago
From time to time we receive reports from users that have difficulties in archiving their Gmail account with MailStore's Gmail archiving profile. We were able to track down the problem to the information that is stored in Gmail's SSL certificates and how MailStore deals with them.

SSL certificates contain a list of URLs with so called certificate revocation lists (CRL). Those CRLs contain information about certificates that have been revoked. This is usually done due to a compromised private key that is stored on the server. Any application should fetch that CRLs and check whether the SSL certificates that was offered by the server is listed in that CRL. This ensures that no encrypted communication is established between a server using a revoked certificate and the client. This technique should prevent man-in-the-middle-attacks with stolen certificates.

Under certain conditions (especially under Windows XP), fetching the CRL fails or just takes too long to finish. In that case MailStore is unable to verify whether the certificate is listed in the CRL or not. For security reasons MailStore will not continue if the validity of the certificate could not be verified. As the Google Mail servers as well as the SSL settings are hard coded into the software, you should check your firewall settings for blocked outgoing http connections from MailStore Home and possibly just retry a few minutes later.

If for any reason it is still not working, you may fall back the generic IMAP archiving profile, that allows you to bypass the SSL warning by enabling the appropriate option. Please notice, that you won't benefit from some special functions that are available in the Gmail archiving profile if you use the generic IMAP profile.

I hope you find this information useful!
Photo of Daniel

Daniel, Director of Engineering

  • 469 Posts
  • 27 Reply Likes
  • happy

Posted 5 years ago

  • 1

Be the first to post a reply!