Server certificate was rejected by the verifier because it has expired.

0 votes
asked Aug 7, 2016 by azim_cse18 (200 points)

At first i am using trail version of Rebex Imap. After trial period expired i bought Rebex Secure Mail for .NET - 1 developer.

I have replaced all old DLL by new one but i am getting this exception
"Server certificate was rejected by the verifier because it has expired."

How could i solve this problem ?

Applies to: Rebex Secure Mail

1 Answer

0 votes
answered Aug 8, 2016 by Tomas Knopp (58,560 points)
edited Aug 8, 2016 by Lukas Pokorny
 
Best answer

The "Server certificate was rejected by the verifier because it has expired" error occurs when the validity period of the server certificate is over. When a certificate expires, the proper thing to do is to renew it (or replace it with a new certificate) - this has to be done at the server.

In rare cases when this can’t be done (if you don’t have control over the server and its administrators are refusing to solve the problem), it's possible to work around this issue by writing a custom certificate handler.

commented Aug 8, 2016 by azim_cse18 (200 points)
Is there any other way to solve this?
Because custom certificate validation slow down my download process.
commented Aug 8, 2016 by Lukas Pokorny (82,430 points)
A fingerprint-based custom certificate validation equivalent to the code above is in fact substantially faster than the default validation, which involves multiple asymmetric key operations and possibly even downloading of certificate revocation lists. Unless you are doing something much more complicated in the certificate validation event handler, this is unlikely to slow down your download process, and the slow down is most likely caused by something else.

In any case, solving the "Server certificate was rejected by the verifier because it has expired" problem by switching to a custom fingerprint-based certificate validator is strongly discouraged - it will stop working as soon as someone fixes the issue at the server by renewing the certificate (which is actually the proper solution to this problem).
...