mail program and avast - how to import certificate.

biggerabalone

biggerabalone last edited by

i didn't see a forum spot for the opera mail program ... sorry, i'll post here.

how do you input in a security certificate into the opera mail program? avast has given me one to allow scanning of my emails, but i don't see where to import it? it's a .der file and is needed for ssl/tls. without it the program doesn't work. i can turn off avast scanning of emails over ssl/tls but don't want too.

burnout426

burnout426 Volunteer last edited by

If Opera Mail doesn't pop up a dialog asking you to accept the certificate, I'm not sure what you can do as the "manage certificates" command to get the dialog to manually install a cert no longer works (they broke it when trying to strip some of the browser stuff out).

You could try deleting opcert6.dat in the preferences folder (see help -> about Opera Mail for the location) to see if Opera will ask you again. If not, I'm not sure what you can do.

Opera Mail is the same mail client that's built into Opera 12.16. So, you could use 12.16 just for mail. There you should have a problem.

sgunhouse

sgunhouse Moderator Volunteer last edited by

The issue isn't really one of accepting the certificate. I have Avast on this computer, Opera gives me a warning because of the certificate mismatch (Avast's certificate rather than the mail provider's). It's a "man in the middle" warning, you can't turn it off - even though in this case the "man in the middle" - Avast - is supposed to be there. Only way around it is to tell Opera not to use a secure connection, knowing that Avast will still use the secure connection anyway.

burnout426

burnout426 Volunteer last edited by

The issue isn't really one of accepting the certificate.

O.K.

Opera gives me a warning because of the certificate mismatch

Are you able to manually install the cert (in 12.16 at least) in Opera to see if that warning goes away? I seem to remember that would make the warning go away (but not tested specifically with any Avast certs).

Only way around it is to tell Opera not to use a secure connection, knowing that Avast will still use the secure connection anyway.

+1.

quhno

quhno last edited by

... or simply tell Avast not to scan incoming mails as Opera does not execute anything in mails. Checking the folder where opera stores the mails should suffice.

I personally consider the behavior of those scanners to intercept the connection without showing me the real certificate or allowing me to check from inside of the mail program harmful. I want to be able to check the certs and I want to see immediate warnings and hints because I want to be able to react.

Funny side note:
Some time ago I've got a mail from a person who sent the source code of a web page as text inside of the plain text body, with the warning that it contains some hijacker/trojan code and if I could have a look at it. Indeed it contained some heavy obfuscated evil code. At that time Avast didn't know the hijacker/trojan, but later, when they caught up, it always complained about the stored but in its form harmless mail because it sees the hijacker/trojan code in the text but does not recognize that it is harmless, while it is stored as mbs - at least as long as nobody gets the idea to deliberately make it executable, which I for sure wont

hrobky

hrobky last edited by

Answer:

How to use Opera browser to manage OperaMail's CA certificates

Suppose you already have the DER (.crt, .cer, .der) certificate file to be imported and OperaMail installed.

1. Install Opera browser 12.17
2. Exit OperaMail and Opera browser
3. Rename your original %appdata%\Opera\Opera\opcacrt6.dat to opcacrt6.dat.old
4. Move %appdata%\Opera Mail\Opera Mail\opcacrt6.dat to %appdata%\Opera\Opera\
5. Start Opera browser 12.17 and use it normally to import certs (tools, preferences, advanced, security, manage certificates, authorities, import)
6. Exit Opera browser
7. Move the opcacrt6.dat back to OperaMail AppData folder
8. Restore the opcacrt6.dat.old back to opcacrt6.dat

I imported the "avast! Mail Scanner Root" cert this way and it resolved the issue. If you want to work on Intermediate or Approved certificates, you should use opicacrt6.dat and opcert6.dat respectively.

I hope OperaMail is just a quick standalone build of Opera M2 client and will use Windows cert store like the new Opera does today.

sgunhouse

sgunhouse Moderator Volunteer last edited by

The issue is not that ...

I use Avast on my desktop system (running XP). When the dialog comes up, click on the second tab of the dialog. There you will see an option to remember the choice for this certificate - click that checkbox, then click on Accept. You'll have to do the same thing for both the incoming and outgoing servers, so be aware that even though you've accepted the certificate (and told it to remember) for the incoming server you'll get another dialog the first time you send mail to that account. And of course if you have more than one account, that's twice for each account ...