Author Topic: New AIS 8 and scanning SSL scanning  (Read 16656 times)

0 Members and 1 Guest are viewing this topic.

Offline BaluBig

  • Newbie
  • *
  • Posts: 12
Re: New AIS 8 and scanning SSL scanning
« Reply #30 on: March 05, 2013, 03:17:43 PM »
the Mail shield root certificate is in the Windows certificate store only when the Mail shield is running.

Sorry, I fogot to add that SSL scanning must be enabled too.

TADAM!
It works now. Thanks vojtech!

So the step by step guide for TheBat! users - assuming both Mail Shield and SSL scanning are on:
  • Open certmgr.msc from command prompt
  • Expand the tree down to Trusted Root Certification Authorities\Certificates, locate the avast! Mail Scanner Root certificate in the list
  • Right-click the certificate and execute All Tasks\Export...
  • Go through the export wizard and export the ceryificate to any X509 (.CER) format with any file name
  • Open TheBat's address book
  • Make sure the View\Certificate Address Books menu item is checked
  • Select the Trusted Root CA item in the left list
  • Create a new contact in the selected address book, the Edit Address Entry window will appear
  • Fill in First Name, Middle Name, Last Name fields with any data to identify the new record in the list
  • Switch to the Certificates tab and click the Import button
  • Import the previously exported certificate. After successful import the imported certificate will appear in the new contact's list
  • Close the Edit Address Entry window with the OK button
That's all, now check how TheBat! works with SSL-enabled mail servers.

Best regards - Serge.

Offline dansoftware

  • Newbie
  • *
  • Posts: 8
Re: New AIS 8 and scanning SSL scanning
« Reply #31 on: March 05, 2013, 06:29:41 PM »
    • Open TheBat's address book
    • Make sure the View\Certificate Address Books menu item is checked
    • Select the Trusted Root CA item in the left list
    • Create a new contact in the selected address book, the Edit Address Entry window will appear
    • Fill in First Name, Middle Name, Last Name fields with any data to identify the new record in the list
    • Switch to the Certificates tab and click the Import button
    • Import the previously exported certificate. After successful import the imported certificate will appear in the new contact's list
    • Close the Edit Address Entry window with the OK button

    There is no need to create a new contact manually. Use "File -> Import" in the main menu of The Bat!'s address book.

    Offline BaluBig

    • Newbie
    • *
    • Posts: 12
    Re: New AIS 8 and scanning SSL scanning
    « Reply #32 on: March 06, 2013, 09:22:47 AM »
    There is no need to create a new contact manually. Use "File -> Import" in the main menu of The Bat!'s address book.
    Have tried this first. But it says "No addresses were imported" for me. TheBat ver. 5.2.2

    Best regards - Serge.

    Offline jjjk

    • Newbie
    • *
    • Posts: 1
    Re: New AIS 8 and scanning SSL scanning
    « Reply #33 on: March 27, 2013, 04:51:24 PM »
    Hi!

    I had the same problem (also using The Bat! as my email client) and want to suggest a possible alternative solution.

    The suggested solution in this message chain is to export the avast! certificate from the Windows certificate store (where the "internal TLS" implementation cannot find it) and import it into the The Bat! address book where it can be found. This will certainly fix the problem, as has been indicated.

    Please notice that WITHOUT UNDERSTANDING all the possible implications of this, I simply switched the selection in the The Bat! Options | S/MIME and TLS... dialog from "Internal Implementation (The Bat! Address Book)" to "Microsoft CryptoAPI (Windows Certificate Store)".

    I kept all the additional selections in their default values.

    With this, the error message and the related error message dialog disappeared:

    Account Log Before the change described above:
    >3/27/2013, 16:50:49: IMAP  - Issuer: generated by avast! antivirus for SSL scanning, avast! Mail Scanner, avast! Mail Scanner Root.
    !3/27/2013, 16:50:49: IMAP  - TLS handshake failure. Invalid server certificate (The issuer of this certificate chain was not found).
     3/27/2013, 16:50:55: IMAP  - TLS handshake complete

    Account Log After the change described above:
    >3/27/2013, 17:15:48: IMAP  - Issuer: generated by avast! antivirus for SSL scanning, avast! Mail Scanner, avast! Mail Scanner Root.
     3/27/2013, 17:15:48: IMAP  - TLS handshake complete

    If anyone has any remark about possible negative effects of the selection switch, I would very much like to know!

    Jouni