Secrurity Certificates are used for the StartMail website and for IMAP connections. Their purpose is to verify that you are safely connected to StartMail. The StartMail website uses an enhanced version of the traditional SSL certificate to provide additional assurance that you are safely connected to the StartMail.com website, whereas IMAP uses a normal certificate. Below you will find some of the most common issues users face with the StartMail Security Certificates.
Websites may show an error message stating that the connection is insecure. This is caused by a missing or invalid Security Certificate. If this is the case, no secure connection can be setup. Users can often still continue to use the website, but their connection will not receive an SSL/TLS encryption if the Security Certificate is missing. These error messages should be taken seriously, as they can also point to a so called "Man-in-the-Middle attack". (To learn what a Man-in-the-Middle attack is, please consult this Wikipedia article.)
Here are some examples of error messages displayed when the Security Certificate is missing or incorrect.
Fix in Operating System
Operating Systems use a global certificate database available to all applications.
In Windows, the global certificate database can be found as follows. Go to the Start menu and enter “Certificates”. You should now see an application called Manage computer certificates. This program holds all certificates installed on your Windows computer. Go to Personal > Trusted Root Certification Authorities > Intermediate Certification Authorities > Trusted Publishers > Untrusted Certificates. Remove all Buypass certificates located here.
Next, go to the Buypass download link, by clicking here. Under "Buypass Root Certificates (SSL)", download the Buypass Class 3 Root CA (for browsers) and the Buypass Class 2 Root CA (for IMAP). All further certificates will be downloaded and installed automatically by doubleclicking and then pressing the Install button.
For Mac users, Security Certificates are saved in the Keychain application. Please consult your Mac Keychain instructions for help.
Fix per browser
The fix per OS should already work, but the certificates can also be imported for each browser if so desired, except Safari and Edge.
Go to Options or Preferences in either the Tools menu, or by clicking the three horizontal bars at the top right of your browser. Next, click Advanced > View Certificates > Authorities. Here you can import the Buypass certificates. Please make sure to check Edit Thrust… and verify that This certificate can identify websites is enabled.
Click on the three vertical dots at the top right of your browser, and select Settings. Click Show advanced settings… and then select Manage certificates... Click Trusted Root Certification Authorities and import the Buypass certificates by clicking Import…
Go to Settings via alt+p or via the menu in the top left. Next, click Privacy & security, scroll down to "HTTPS/SSL" and click on Manage certificates. Click Trusted Root Certification Authorities and import the Buypass certificates by clicking Import…
Go to Internet options via Tools. Click Content and select Certificates > Trusted Root Certification Authorities. Import the Buypass certificates by clicking Import.