Old e-mail programs with expired SSL certificates

Some customers using very old e-mail programs (such as Microsoft Entourage and Netscape Mail) have complained that their programs have started showing a warning that the “Certificate Authority Is Expired” or “Unable to establish a secure connection”. These old e-mail programs have certificates for common “root certificate authorities” built into them, with expiration dates that have now passed. There is no way to update the root certificates which are built into these old programs, unfortunately, so these e-mail programs will always complain that the root certificates are expired and thus no longer valid. This is not a problem with our e-mail servers, but instead is a problem with the old e-mail programs — they were never expected to be used this long.

If this is happening to you, there are three possible actions.

The first option is to simply do nothing different, and accept the warning each time your e-mail program shows it. This is annoying, and also may lead to building a habit where you automatically accept any security warning. That’s a bad habit to have, so we don’t recommend doing that.

The second option is to disable SSL in your e-mail program. In Microsoft Entourage, edit the account’s “advanced receiving options”. Uncheck the checkbox that mentions SSL, and also uncheck the checkbox that specifies to override the default port. Then make the same two changes in the “advanced sending options”. In Netscape Mail, uncheck the “SSL” checkbox in the “Server Settings” for the e-mail account and for the outgoing mail server.

The third option is the one that we recommend for most users: switch to a different e-mail program. We recommend using Mozilla Thunderbird, because it is very powerful, easy to use, and is free. We have detailed instructions on how to download and configure Thunderbird.