Explain the 'SSL certificate verification' option.
- From the Windows Start menu, search for and open "Internet Options" (Control Panel)
- Select the "Content" tab
- Press the "Certificates" button
- Select the "Trusted Root Certificate Authorities" tab
- From POP Peeper's main menu, select Tool / PPtweaker
- Select the "Certificates" page
- Check the box for "Enable SSL certificate verification"
This feature was added in v4.4
When connecting to an email account using SSL/TLS, the server will send a certificate to help prove that it is the server you were actually trying to connect to. POP Peeper will use that certificate in conjunction with a local certificate (POP Peeper automatically imports certificates that are trusted by Windows) to verify the server. If any error occurs during the process, POP Peeper will terminate the connection. This process occurs before you login, so your login/password are not sent in the event that the server isn't trusted.
To view the certificates that POP Peeper uses from Windows:
Enable/Disable SSL certificate verification:
This option verifies that the hostname that POP Peeper is connecting to matches the hostname in the certificate. Enabling this setting further improves security. In most cases, this will not cause any issues; however, if you are using email provided by a shared webhost, you may get certificate mismatch errors. In these situations, you may need to use a different server name to correctly access your email. For example, if your webhost is webhost.com and your personal domain is yourdomain.com: instead of accessing mail.yourdomain.com, you may need to use mail.webhost.com -- but check the settings provided by your webhost. If you have a large number of accounts already setup using the wrong hostname, you may use exceptions (see below) to effectively (and securely) change the hostname.
Bypass SSL certification:
In very rare cases, you may need to bypass SSL certification for a particular server. To add a server to the exeptions list, go to Tools / PPtweaker / Certificates and add the server (e.g. mail.example.com) -- one hostname per line. This feature should only be used if you're sure that it's necessary.
You can also use exceptions to replace one domain for another for the sake of hostname matching (see hostname matching above for an example). To do this: on a single line enter the hostname that you're using followed by a space and then the hostname that should be used for matching.