September 9, 2015 – I’ve revised this article, simplifying and shortening the steps involved!
See the revised article here.
I’ve used this old and outdated Windows mail client since it was kind of new, more than 25 years ago. I chose it when I was moving my message store from a shell account to a PC, right around when PCs started to get reliable enough such work. Eudora was the first client I discovered whose message store was a simple transfer from Unix, drop-in, and run. I never looked back. Since then I’ve developed a rather extensive set of filters and such to efficiently manage dozens of email accounts and tens of GB of messages.
Bummer, Eudora hasn’t been actively supported since Qualcomm gave it up in 2006. Yeah, I know, it went Open Source. But IMHO they went and screwed it up.
As with any unsupported software, sometimes the passage of time breaks things. More than a few times I’ve cast about for another capable email client. It’s always gone the same way: I find none, get tired of searching, and turn my attention to propping the old girl up just a bit longer.
One afternoon in October last year one of my email hosts suddenly rejected its SSL certificate. It happens. When it does, Eudora offers to trust the new certificate. Thereafter all’s well. Not this time.
It wasn’t my host, and it wasn’t a critical account. Via trouble tickets, I went back and forth with the admins at the hosting company for the better part of a month. They’d suggest something, I’d try it – and maybe try a few things on my own – but nothing worked. Along the way I cast about for a replacement client and I came up dry. Finally I just shut off SSL for the account and got on with life. Not the best solution, but it worked. I really do need to find a new client! Maybe tomorrow… Yeah, right.
Last night Eudora rejected more certificates. This time it affected a multiple accounts on different domains. These were more important to me so I needed a solution.
And I found one.
First, some groundwork. My Eudora is version 188.8.131.52 running on Windows 8.1 Update 1. Of note, Eudora has a patched QCSSL.dll, needed since Microsoft made some changes to a library that caused the old client to loop for a Very… Long… Time… on the first use of SSL. I think that was around the time Windows 7 launched. Depending on your version(s), you may find differences in the dialogues and steps. I tried to give enough detail that you might find your way.
Let’s get started. The certificate rejection error looks like this:
See the question in the dialogue, “Do you want to trust this certificate in future sessions?”
It once was a simple matter of clicking the Yes button and that would be that. But that didn’t work in October and it didn’t work last night either.
Heres what to do to fix the problem.
Close the error dialogue and open Properties for the affected Persona. On the Incoming Mail tab (because it’s likely that a receive operation failed first), click the Last SSL Info button. The Eudora SSL Connection Information Manager opens. It looks like this:
There’s some weirdness in this dialogue, some confusion over host names. I think it’s a junk message. Click the Certificate Information Manager button. The Certificate Information Manager opens, and it looks like this:
Look at the section called Server Certificates. See the smiley face? That means trusted status. Expand that certificate tree in the usual way – click the plus sign next to it. Keep expanding, drilling down until you see one that’s untrusted. That’s the one with the skull ‘n crossbones. Of course.
The Certificate Information Manager panel, with the untrusted certificate, will now look something like this:
Click the offending untrusted certificate to select it then click the View Certificate Details button. The Certificate opens. It looks like this:
Select the General tab, if necessary, and click the Install Certificate button. The Certificate Import Wizard panel opens. It looks like this:
Choose a Store Location – Current User or Local Machine – as needed for your situation. I chose the Current User because I’m the only user on this box. Click the Next button. The Certificate Import Wizard continues, and it looks like this:
The wizard asks where to store the certificate. Windows can automatically choose the Store based on the type of certificate, and that’s a pretty good choice. It’s also the default. Click the Next button to display a confirmation panel. It looks like this.
Click the Finish button.
Whew! It looks like the import was successful.
Click the OK button to close the Certificate Import Wizard.
Now, you’ll be looking at the Certificate Information Manager again, just how we left it.
With the untrusted skull ‘n crossbones certificate highlighted, click the Add To Trusted button. Then click the Done button to close the Certificate Information Manager.
Finally, try to reach the server that rejected the SSL certificate in the first place.
Did it work?
If it did then you’re finished.
Uh oh, waddya mean, it didn’t work?
You’ll need to go back and follow those steps again.
I hear you now. “Only an idiot does the same thing over and over expecting different results.”
Well, you’ll notice that the next time through the Certificate Information Manager will show a deeper tree of Server Certificates before you get to the untrusted certificate. You’ll need to drill deeper.
You may need to import and add several before achieving success. After a couple of imports it’s easy to forget the Add To Trusted button. Don’t ask me how I know!
I hope that helps someone.
Sometimes I think I’m the very last Eudora user out there. I’d love to hear from others. In fact, if you’ve moved off Eudora and found a decent replacement, I’d love to hear that, too. I know it’s only a matter of time.
Additional information added April 17, 2015…
One person described, in the comments below, that
he she had some difficulty with the Add To Trusted button in the Certificate Information Manager when working with Google’s new certificates. His Her insight came when he she realized that he she was simultaneously viewing this post with Google Chrome. When he she closed Chrome and went through the process again, everything worked.
A big THANK YOU goes out to one Pat Toner for checkin’ in and increasing the value of this post with
his her feedback. I owe you a beer, Pat. And an apology for my gender assumption based on name.