Where did you install Firefox from? Help Mozilla uncover 3rd party websites that offer problematic Firefox installation by taking part in our campaign. There will be swag, and you'll be featured in our blog if you manage to report at least 10 valid reports!

Avatar for Username

Rechercher dans l’assistance

Évitez les escroqueries à l’assistance. Nous ne vous demanderons jamais d’appeler ou d’envoyer un SMS à un numéro de téléphone ou de partager des informations personnelles. Veuillez signaler toute activité suspecte en utilisant l’option « Signaler un abus ».

Learn More

Ce sujet de discussion a été archivé. Veuillez poser une nouvelle question si vous avez besoin d’aide.

Cannot add Security Certificate (Security Exception) under the right server name

  • 1 réponse
  • 1 a ce problème
  • 8 vues
  • Dernière réponse par aNDy

aNDy
aNDy
more options

In my home network I have an IMAP server (dovecot) running with a self-signed SSL certificate. When I want to sync the mail ("Get Messages") then a window pops up (correctly) warning me about the "incorrect" certificate. (The window title is "Add Security Exception" and the error is "Wrong Site"). Wat is strange is that the Location indicated, is not the same as as the Server Name as set in the server settings in Thunderbird. Example: suppose I have a server name set as a.b.c.com, then in the warning window it would say imap.c.com:993 (so a.b removed and replaced by the word imap). I have no idea why the address gets changed.

If I confirm the security exception and store it, then the correct certificate is stored (checked fingerprint), but it is added under the wrong server name (under imap.c.com). Subsequent "Get Messages" will trigger the warning again.

If I correct in the warning window the Location to a.b.c.com:993, then is says No Information Available. If I correct it to the address with the SSL port number removed (so only a.b.c.com) then I can store the Security Exception, but the wrong certificate is stored. What is stored is the certificate that belongs to my web (https) server and what can be reached at my domain name b.c.com .

In the past the same set-up did work form both local network and from outside (obviously with some earlier version of Thunderbird), the security certificate was stored in the right way in Thunderbird. I still have clients running using the certificate that was stored some years ago. In one client I accidentally deleted it, and now I cannot get it back.

The system is an up to date Fedora 33 system.

In my home network I have an IMAP server (dovecot) running with a self-signed SSL certificate. When I want to sync the mail ("Get Messages") then a window pops up (correctly) warning me about the "incorrect" certificate. (The window title is "Add Security Exception" and the error is "Wrong Site"). Wat is strange is that the Location indicated, is not the same as as the Server Name as set in the server settings in Thunderbird. Example: suppose I have a server name set as a.b.c.com, then in the warning window it would say imap.c.com:993 (so a.b removed and replaced by the word imap). I have no idea why the address gets changed. If I confirm the security exception and store it, then the correct certificate is stored (checked fingerprint), but it is added under the wrong server name (under imap.c.com). Subsequent "Get Messages" will trigger the warning again. If I correct in the warning window the Location to a.b.c.com:993, then is says No Information Available. If I correct it to the address with the SSL port number removed (so only a.b.c.com) then I can store the Security Exception, but the wrong certificate is stored. What is stored is the certificate that belongs to my web (https) server and what can be reached at my domain name b.c.com . In the past the same set-up did work form both local network and from outside (obviously with some earlier version of Thunderbird), the security certificate was stored in the right way in Thunderbird. I still have clients running using the certificate that was stored some years ago. In one client I accidentally deleted it, and now I cannot get it back. The system is an up to date Fedora 33 system.

Toutes les réponses (1)

aNDy
aNDy Auteur de la question
more options

Meanwhile I found an answer to my own question. It seems to be a bug under Thunderbird 78.6.0, but it has a workaround: - Accept/store the certificate when asked - Exit Thunderbird - In your Thunderbird profile (~/.thunderbird/<profile name>/, or C:\Users\<pofile_name>\AppData\Roaming\Thunderbird\Profiles\<profile_in_use>\ ) there is a file called Cert_Override.txt (or cert_override.txt). - Edit that file, and change the address of the wrongly named certificate and port number to the correct address and port number. - Start Thunderbird

Related support question: https://support.mozilla.org/en-US/questions/1315845 Bug report: https://bugzilla.mozilla.org/show_bug.cgi?id=1665577