T-Bird problem, or CA, or *gasp* maybe something I did?

[GlassDeviant]

Having a problem with Thunderbird, as follows:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Security Error: Domain Name Mismatch

You have attempted to establish a connection with "mail.fakecompany.ca". However, the security certificate presented belongs to "". It is possible...
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

When I view the certificate, however, I get this:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
E = admin@fakecompany.com
CN = fakecompany.com
OU = fakecompany Inc.
O = fakecompany Inc.
L = Fake City
ST = BC
C = CA
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

It seems that Thunderbird is not getting any value for the owner of the certificate. Have I done something wrong in my certificate request? Do I need to change something? Should it be for mail.fakecompany.com?

Cheers,

- Paul

[tanstaafl]

How did you view the certificate? Was it from the error message or were you able to look at it using the certificate manager? Tools -> account settings -> server settings -> security -> view certificates -> server doesn't display a SSL certificate when I make a secure connection.

I would expect the common name (CN) to be the mail server you connect to. In your case it would be "mail.fakecompany.ca". That would match the conventions I see when looking at a SSL certificate for a secure connection in Firefox. I have some S/MIME certificates in Thunderbird but they follow a different convention.

[GlassDeviant]

I got that from, of all things, the cert info dialog in Thunderbird. So why the error message says "" is the owner, is completely puzzling to me.

[GlassDeviant]

OK, completely redid the SSL certificate, with the assistance of the CA throughout the process in making sure it is done correctly, but I am still getting this:

Security Error: Domain Name Mismatch
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
You have attempted to establish a connection with "mail.fakecompany.ca". However, the security certificate presented belongs to "". It is possible...
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[View Certificate] [OK] [Cancel]

The certificate is correct, verified by the CA (ipsCA.com), double checked, triple checked, even Thunderbird shows in the Certificate Viewer that the owner of the vertificate is not blank, but Thunderbird still gives me this error when trying to send mail.

Firefox has no problems with the certificate.

So what is going on here, folks?

[tanstaafl]

Does the problem occur for both the POP and SMTP servers?

Are you connecting to a single mail server or a farm? The reason I ask is at one time the SSL certificate for AOL/AIM only worked for one of several IMAP mail servers you could connect to.

What version of Thunderbird are you using?

[GlassDeviant]

Latest stable Tbird, problem is smtp only, there can be...err is...only one (server).

[tanstaafl]

Whats the difference (according to Thunderbird) between the POP and SMTP certificates? Just different s/n and issue date or ...?

[GlassDeviant]

There is only one certificate.

[tanstaafl]

I suggest you try to duplicate the problem using another email client such as outlook express or windows mail. I suspect it will have the same problem if you configure them the same. It sounds like your email provider is playing some sort of game with the smtp server that incorrectly shows up as a certificate error.

[GlassDeviant]

The cert works fine with everything I have tried, except Thunderbird.

I am the email provider.

I've posted at the Zimbra forums too, to see if there is something with the MTA that I need to check, but it always seems to come back to the fact that T-Bird sees the correct information, that is proven in the Certificate Viewer within T-Bird. So why does this other dialog say that it has no information for the owner of the certificate?

Edit: This server is set up for secure email only, non-SSL connections are not accepted. Is there something I need to configure in T-Bird to accept that fact?

[Rod Whiteley]

Perhaps it would help if you reveal the real name of the server, so that other people can see the problem for themselves.

[GlassDeviant]

ok here is the error I am getting:

http://home.cogeco.ca/~mistoffeles/error.jpg

and here is the certificate info as displayed by the MTA on the admin console (webmail GUI):

http://home.cogeco.ca/~mistoffeles/certFromZimbra.jpg

[tanstaafl]

Your mail server appears to be in a different domain (mail.entel-communications.ca) than the certificate (mail.entel-communications.com).

[GlassDeviant]

Just a follow-up, that was indeed the problem, staring me right in the face. But I was so close to it that I simply couldn't see it. Reminds me of taking programing in high school and college, when someone would come up behind you and point out where you had a missing or misplaced comma or semicolon, or something, that was keeping your code from compiling but not providing a useful error message.