SSL Certificates -Can I delete them all?

[geo_c]

My question is really about enabling neomutt to request a brand new certificate from outlook365, so this may not be the correct section of the forum.

Periodically, microsoft re-configures their certificates or certificate protocol, and I can no longer pickup outlook365 email with clients like Claws, Sylpheed, neomutt, or nmail.

In fossapup, /etc/ssl/certs seems to be where all these certificates are stored. I don't know much about ssl certificates, but it seems if one isn't present on the system already, then new certificates are requested, effectively reset to a new and better one.

So, is it safe to delete all the /etc/ssl/certs certificates currently on the system, or will that cause failures in unexpected apps and such?

edit: I backed up the pupsave and deleted the certificates, and unfortunately it did not solve my outlook365 login failure. I'll poke around and see if anything is broken now.

[Jasper]

Hi there

I do not have a solution for you but I am aware that SSL certificates can be updated within your browser settings.

I saw the option today in Palemoon in the Advanced/Certificates subsection.

This would allow you to add a new one.

The directory

etc/ssl.....

redirects to this one which is being used by Palemoon (Firefox user agent).

Without the security certificates you would not know if the website you are at is safe and genuine.

[Jasper]

If it's useful to you. I did compile GnuTLS which has the p11tool which has host of options available to you including generating your own private keys.

viewtopic.php?p=73228&hilit=gnutls#p73228

[geo_c]

If it's useful to you. I did compile GnuTLS which has the p11tool which has host of options available to you including generating your own private keys.

viewtopic.php?p=73228&hilit=gnutls#p73228

I'll check out this utility. Thunderbird also has options to manage certificates, and some say 'built-in' which I assume means bulit into Thunderbird.

I need to do some reading and searches to get a better understanding of using certificates. I'm still confused about how they get there in the first place. I was kind of under the impression that the browser or email client requests them, and then they are downloaded and used.

When it comes to neomutt, I'm not exactly sure if the certificates are stored in /etc. I'm seeing utility commands on their webpages that need to be installed to manage certificates.

[williwaw]

have you considered backing up your neomutt configuration file and mail storage directories and trying to reinstall neomutt?

[geo_c]

have you considered backing up your neomutt configuration file and mail storage directories and trying to reinstall neomutt?

Well I compiled that one. so I'm not sure how to remove it. Microsoft Office365 has a way of resetting their certificates every couple months that seems to break all but the mainstream email clients. I've been using Thunderbird and that's working. Thunderbird is fine, but it doesn't access mh mailboxes, so I can't access my local archive on that account. I have four email clients setup currently, Thunderbird, Claws, nmail, and neomutt, and the only that works since MS's last certificate reset is Thunderbird. All the other three went dead on my outlook account simultaneously. So if I reinstall and it works, it's likely to happen at some point.

My other account works fine at frontiernet.net

But I'd still like to crack this code when it comes to certificates, just because I don't like to be bossed around Microsoft.

[williwaw]

have you considered backing up your neomutt configuration file and mail storage directories and trying to reinstall neomutt?

Well I compiled that one. so I'm not sure how to remove it. Microsoft Office365 has a way of resetting their certificates every couple months that seems to break all but the mainstream email clients. I've been using Thunderbird and that's working. Thunderbird is fine, but it doesn't access mh mailboxes, so I can't access my local archive on that account. I have four email clients setup currently, Thunderbird, Claws, nmail, and neomutt, and the only that works since MS's last certificate reset is Thunderbird. All the other three went dead on my outlook account simultaneously. So if I reinstall and it works, it's likely to happen at some point.

My other account works fine at frontiernet.net

But I'd still like to crack this code when it comes to certificates, just because I don't like to be bossed around Microsoft.

do you have a location set for certs in your .neomuttrc?

Code: Select all

       certificate_file
              Type: path
              Default: "~/.mutt_certificates"

              This variable specifies the file where the certificates you trust are  saved.  When
              an  unknown  certificate  is encountered, you are asked if you accept it or not. If
              you accept it, the  certificate  can  also  be  saved  in  this  file  and  further
              connections are automatically accepted.

              You can also manually add CA certificates in this file. Any server certificate that
              is signed with one of these CA certificates is also automatically accepted.

              Example:

              set certificate_file=~/.neomutt/certificates

[geo_c]

do you have a location set for certs in your .neomuttrc?

Code: Select all

       certificate_file
              Type: path
              Default: "~/.mutt_certificates"

              This variable specifies the file where the certificates you trust are  saved.  When
              an  unknown  certificate  is encountered, you are asked if you accept it or not. If
              you accept it, the  certificate  can  also  be  saved  in  this  file  and  further
              connections are automatically accepted.

              You can also manually add CA certificates in this file. Any server certificate that
              is signed with one of these CA certificates is also automatically accepted.

              Example:

              set certificate_file=~/.neomutt/certificates

I don't have it set, but the file is there in the default location. So I suppose if I delete the certificate for the microsoft account from that file, neomutt might request another.

[geo_c]

@williwaw

Well I deleted the certificates from the file, a new certificated was downloaded but it still failed to login. I'll test it again. Maybe I didn't type the password correctly.

But, the error I get is "no authenticators available or invalid credentials"

edit: So I'm beginning to think that it is a matter of Oauth2. My other account grabs a new certificate just fine, but mutt throws a message saying it can't save the certificate from microsoft. The certificate is stored in the mutt file, so maybe it's a matter of the SSL implemented in mutt or something like that.

[Jasper]

An example of using the P11tool would be to generate your own security certificate if you were hosting an internal site that you wish your colleagues to share. You would ask them to import your certificate into their browser that would allow them to view your site.

[williwaw]

@williwaw

Well I deleted the certificates from the file, a new certificated was downloaded but it still failed to login. I'll test it again. Maybe I didn't type the password correctly.

But, the error I get is "no authenticators available or invalid credentials"

edit: So I'm beginning to think that it is a matter of Oauth2. My other account grabs a new certificate just fine, but mutt throws a message saying it can't save the certificate from microsoft. The certificate is stored in the mutt file, so maybe it's a matter of the SSL implemented in mutt or something like that.

find the certificate in thunderbird and try to copy it over to neomutt?
no webmail available to access this account?

[geo_c]

@williwaw

Well I deleted the certificates from the file, a new certificated was downloaded but it still failed to login. I'll test it again. Maybe I didn't type the password correctly.

But, the error I get is "no authenticators available or invalid credentials"

edit: So I'm beginning to think that it is a matter of Oauth2. My other account grabs a new certificate just fine, but mutt throws a message saying it can't save the certificate from microsoft. The certificate is stored in the mutt file, so maybe it's a matter of the SSL implemented in mutt or something like that.

find the certificate in thunderbird and try to copy it over to neomutt?
no webmail available to access this account?

I can access the account through Thunderbird. I hate MicroSoft so much that I only log into outlook365 from a browser in a pinch. I like using command line email clients, just because the text is easy to read, easy to organize and access my local mh mailboxes. The funny thing about mutt is the certificate is showing up in the mutt certificates file you pointed me to. It just doesn't work, which is why I think maybe outlook changed to Oauth2, as Thunderbird is setup that way.

[williwaw]

maybe outlook changed to Oauth2, as Thunderbird is setup that way.

is that where you log on and then have to fetch a code from a different email to complete the log in process? git hub makes me do that and its Microsoft owned.

[geo_c]

maybe outlook changed to Oauth2, as Thunderbird is setup that way.

is that where you log on and then have to fetch a code from a different email to complete the log in process? git hub makes me do that and its Microsoft owned.

I think you're referring to two factor authentication, which though "secure" seems nothing more to me than linking two of my devices in their database.

Outh2 is another authentication method, and I obviously don't know how it works.

[williwaw]

this tutorial seems to indicate oauth2 is enabled by the organization using the service

https://www.vanormondt.net/~peter/blog/ ... 5-mfa.html

also
https://devblogs.microsoft.com/microsof ... ge-online/