GMail: Invalid server certificate (The certificate cannot be used for this purpose).

For a couple of days now every now and then I cannot load messages from GMail accounts. Other people report that other things also may not work. The most intriguing thing here is that the issue occurs from time to time for a while (in my case the longest time span has been several minutes) and then everything works fine again. Below You’ll find logs from my e-mail client (The Bat! Pro 9.0.12 32-bit) – note that invalid server certificate results in TLS handshake failure, while in normal circumstances it should run smoothly:

2020-04-08, 15:03:08: IMAP - Connecting to IMAP server imap.gmail.com on port 993

2020-04-08, 15:03:08: IMAP - Initiating TLS handshake

2020-04-08, 15:03:08: IMAP - Certificate S/N: 5638B010931D05380800000000320BE2, algorithm: ECC (256 bits), issued from 3/3/2020 9:58:11 AM to 5/26/2020 9:58:11 AM, for 1 host(s): imap.gmail.com.

2020-04-08, 15:03:08: IMAP - Owner: "US", "California", "Mountain View", "Google LLC", "imap.gmail.com". 2020-04-08, 15:03:08: IMAP - Issuer: "US", "Google Trust Services", "GTS CA 1O1". Valid from 6/15/2017 12:00:42 AM to 12/15/2021 12:00:42 AM.

2020-04-08, 15:03:08: IMAP - Root: "GlobalSign Root CA - R2", "GlobalSign", "GlobalSign". Valid from 12/15/2006 8:00:00 AM to 12/15/2021 8:00:00 AM.

!2020-04-08, 15:03:08: IMAP - TLS handshake failure. Invalid server certificate (The certificate cannot be used for this purpose).

And here how the same operation should look like in case everything is all right:

2020-04-08, 15:09:17: IMAP - Connecting to IMAP server imap.gmail.com on port 993

2020-04-08, 15:09:17: IMAP - Initiating TLS handshake

2020-04-08, 15:09:17: IMAP - Certificate S/N: 96768414983DDE9C0800000000320A68, algorithm: RSA (2048 bits), issued from 3/3/2020 9:44:07 AM to 5/26/2020 9:44:07 AM, for 1 host(s): imap.gmail.com.

2020-04-08, 15:09:17: IMAP - Owner: "US", "California", "Mountain View", "Google LLC", "imap.gmail.com". 2020-04-08, 15:09:17: IMAP - Issuer: "US", "Google Trust Services", "GTS CA 1O1". Valid from 6/15/2017 12:00:42 AM to 12/15/2021 12:00:42 AM.

2020-04-08, 15:09:17: IMAP - Root: "GlobalSign Root CA - R2", "GlobalSign", "GlobalSign". Valid from 12/15/2006 8:00:00 AM to 12/15/2021 8:00:00 AM.

2020-04-08, 15:09:17: IMAP - TLS handshake complete

2020-04-08, 15:09:17: IMAP - Connected to IMAP server (imap.gmail.com)

2020-04-08, 15:09:17: IMAP - Gimap ready for requests from 5.173.193.223 w2mb6020654ltq

2020-04-08, 15:09:18: IMAP - Authenticating (user: "......@gmail.com", method: "XOAUTH2")...

2020-04-08, 15:09:19: IMAP - IMAP server authentication OK, server says "......@gmail.com authenticated (Success)"

It wasn’t obvious for me whether the issue is strictly The Bat!-related or more of an universal nature, affecting various mail clients. The Bat! technical support addresses this case in a following way:

“Google has started using new types of certificates on their mail servers which are not yet supported by The Bat! We are now working on implementing the new algorithms and we will soon release a new version of The Bat! which will be able to use new Gmail certificates.” ( » )

In case of The Bat! the issue seems to be resolved with the 9.1.10 release of the app.

Leave a Reply


Vivaldi