MozillaZine


Certificate Exception

User Help for Mozilla Thunderbird
ddavies
 
Posts: 2
Joined: April 22nd, 2013, 8:43 am

Post Posted April 22nd, 2013, 10:11 am

Thunderbird has been working fine and then this morning I got a certificate exception error message. It says this site imap.googlemail.com:993 attempts to validate itself with invalid information. I did not change anything. How do I correct this problem?

LIMPET235
Moderator

User avatar
 
Posts: 39349
Joined: October 19th, 2007, 1:53 am
Location: The South Coast of N.S.W. Oz.

Post Posted April 22nd, 2013, 10:16 am

Moving to Thunderbird Support...
Ancient Amateur Astronomer
Win-7-HP/Intel® DualCore-2.0GHz/500G HDD/4 Gig Ram/550Watt PSU/350WattUPS/Firefox-20.0-62.0-70.0/T-bird-2.0.0.24/SnagIt-v10.0.1/MWP-7.12.
W.M.Y.C.
(Always choose the "Custom" Install.)

idiota
 
Posts: 2
Joined: April 26th, 2013, 3:35 pm

Post Posted April 26th, 2013, 4:23 pm

I have exactly the same problem, it just started this morning.

I made sure that SSL is off so Avast is happy. Then I closed Thunderbird, deleted my profile folder in %APPDATA%, tried to set up the account again - same problem. I uninstalled and reinstalled, start setting up my account, it accepts my gmail username/password then the error pops up: "Add security exception. You are about to override how Thunderbird identifies this site, imap.googlemail.com:993 attempts to validate itself with invalid information"

This totally stops me from using Thunderbird after I have been a happy customer for several years. I agree with ddavies this came out of nowhere and I did not change anything.

Sorry Moderator LIMPET235 your reply is a bit cryptic. Are you getting someone to look at this? Does anyone else have the same problem?

Donna_T
 
Posts: 1
Joined: April 27th, 2013, 10:06 am

Post Posted April 27th, 2013, 10:13 am

I am also having this problem, I recently updated to Thunderbird 17.0.5 and thought this might be the problem so I removed the newer program & installed the older one but the pop up still happens. And it's doing it in the middle of when I'm typing out e-mails. For me this has been happening since Wednesday 4/24/13

johnjmouse
 
Posts: 8
Joined: March 16th, 2013, 4:10 am

Post Posted April 27th, 2013, 1:02 pm

I too, am having this problem on Thunderbird 17.0.5. Can we please have an answer to this problem? I use TB for three email accounts for business.

idiota
 
Posts: 2
Joined: April 26th, 2013, 3:35 pm

Post Posted April 27th, 2013, 1:31 pm

Donna_T,

I just discovered that the latest avast anti-virus no longer requires us to disable SSL in thunderbird. Don't know if that's what you are using, but.... I just deleted my profile folder and re created my accounts with SSL on (as it does by default) and the problem seems to have gone away. I hope that helps you guys?

*************
BORE, n. A person who talks when you wish him to listen.
- "The Devil's Dictionary", by Ambrose Bierce

pablompalermo
 
Posts: 1
Joined: April 30th, 2013, 1:24 pm

Post Posted April 30th, 2013, 1:34 pm

Im having the same problem. Though it was due to gmail double identification process, so I turned it out.
Then re-installed Thunderbird; deleted and re-opened my gmail account onto the browser. But nothing happens I just cannot conect to imap.googlemail.com:993 (also tryed imap.gmail.com and nothing)
Windows 7 / TB 17.0.5 / Nod32 Antivirus + FW

...also chequed the AV exception and nothing seems to be blocking gmail imap ... If this continues Ill have to quit using Thunderbird and Im really an old user

Please helpppppppppppp

bosko
 
Posts: 1
Joined: July 26th, 2005, 9:06 am

Post Posted May 1st, 2013, 6:37 pm

I'm also having this issue since the 28th. (W7, TB version 17.0.5)

Not using Avast, using CA Total Defense for AV.

mgagnonlv
 
Posts: 764
Joined: February 12th, 2005, 8:33 pm

Post Posted May 3rd, 2013, 9:23 pm

It's actually very simple but confusing. Click on "view certificate" and you'll know who owns the certificate.

You are calling "imap.googlemail.com". However, it seems to use a certificate that is signed "mail.google.com" (at least, that's what I have). Therefore, Thunderbird complains that you are trying to install a certificate that might not be the proper one. So once you confirm the exception, you'll be OK for 1 or 2 years.

On the other hand, if you see that the certificate is owned by "thisCrookedCompany.com", then run away as fast as you can.
Michel Gagnon
Montréal (Québec, Canada)

PegM_4
 
Posts: 76
Joined: July 25th, 2008, 4:26 am

Post Posted June 8th, 2013, 5:43 am

mgagnonlv wrote:It's actually very simple but confusing. Click on "view certificate" and you'll know who owns the certificate.

You are calling "imap.googlemail.com". However, it seems to use a certificate that is signed "mail.google.com" (at least, that's what I have). Therefore, Thunderbird complains that you are trying to install a certificate that might not be the proper one. So once you confirm the exception, you'll be OK for 1 or 2 years.

On the other hand, if you see that the certificate is owned by "thisCrookedCompany.com", then run away as fast as you can.


Thanks. I also started getting this message this morning. It was Avast as someone else suggested. Appreciate the info on how to handle it.

PegM =D>

Xenophile
 
Posts: 38
Joined: September 6th, 2004, 3:44 pm
Location: New York

Post Posted August 17th, 2014, 1:17 pm

PegM_4 wrote:
mgagnonlv wrote:It's actually very simple but confusing. Click on "view certificate" and you'll know who owns the certificate.

You are calling "imap.googlemail.com". However, it seems to use a certificate that is signed "mail.google.com" (at least, that's what I have). Therefore, Thunderbird complains that you are trying to install a certificate that might not be the proper one. So once you confirm the exception, you'll be OK for 1 or 2 years.

On the other hand, if you see that the certificate is owned by "thisCrookedCompany.com", then run away as fast as you can.


Thanks. I also started getting this message this morning. It was Avast as someone else suggested. Appreciate the info on how to handle it.

PegM =D>
I too have "the certificate problem" but my OS is Windows 8.1! Should the security certificate work for Win8.1? My TB is 31. My certificate reads "Epidata.google.googleusercontent.com:443". It says it was issued to "Google Internet Authority G2" and verified for "SSL Silver Certificate". This is all GobbledyGoogle :? to me but clearly something is amiss! Any help would be appreciated as this has been a nuisance since I got the new Lenovo Yoga Pad a year ago.

tanstaafl
Moderator

User avatar
 
Posts: 47309
Joined: July 30th, 2003, 5:06 pm

Post Posted August 17th, 2014, 5:46 pm

See http://www.avast.com/en-eu/faq.php?arti ... 1#artTitle . You may have run into a problem due to upgrading from Avast 7.x to Avast 2014. They changed how they scan email over SSL connections. It used to require you to connect to a 127.0.0.1/localhost proxy (or disable SSL so that you did not use a secure connection). They now do a benign MITM (man in the middle) attack. viewtopic.php?p=13697621#p13697621

Among other things you will need to import a Mail Shield certificate to the Mozilla Thunderbird certificate store. If you did a fresh installation of Avast 2014 (not a upgrade to it) see http://kb.mozillazine.org/SSL_Security_Error . In that case your problem might have nothing to do with Avast!.

https://pki.google.com/ contains information on Google Internet Authority G2, Google’s intermediate CA which issues digital certificates for Google web sites and properties. http://blog.kerika.com/googleuserconten ... y-cookies/ states "Recently, Google has started storing images in a new domain, called googleusercontent.com. This domain is used for a variety of purposes, including cached copies of websites visited by the Google search engine, but the general purpose of this domain appears to be to store static content: i.e. content that is not expected to change." However, its not clear to me what "Epidata.google.googleusercontent.com:443" would have to do with a connection to POP or IMAP account. That sounds more like something that might occur when trying to open a remote image for a HTML message using HTTPS.

Xenophile
 
Posts: 38
Joined: September 6th, 2004, 3:44 pm
Location: New York

Post Posted August 17th, 2014, 8:52 pm

tanstaafl wrote:See <!-- m --><a class="postlink" href="http://www.avast.com/en-eu/faq.php?article=AVKB91#artTitle">http://www.avast.com/en-eu/faq.php?arti ... 1#artTitle</a><!-- m --> . You may have run into a problem due to upgrading from Avast 7.x to Avast 2014. They changed how they scan email over SSL connections. It used to require you to connect to a 127.0.0.1/localhost proxy (or disable SSL so that you did not use a secure connection). They now do a benign MITM (man in the middle) attack. <!-- l --><a class="postlink-local" href="http://forums.mozillazine.org/viewtopic.php?p=13697621#p13697621">viewtopic.php?p=13697621#p13697621</a><!-- l -->

Among other things you will need to import a Mail Shield certificate to the Mozilla Thunderbird certificate store. If you did a fresh installation of Avast 2014 (not a upgrade to it) see <!-- m --><a class="postlink" href="http://kb.mozillazine.org/SSL_Security_Error">http://kb.mozillazine.org/SSL_Security_Error</a><!-- m --> . In that case your problem might have nothing to do with Avast!.

<!-- m --><a class="postlink" href="https://pki.google.com/">https://pki.google.com/</a><!-- m --> contains information on Google Internet Authority G2, Google’s intermediate CA which issues digital certificates for Google web sites and properties. <!-- m --><a class="postlink" href="http://blog.kerika.com/googleusercontent-com-can-trip-you-up-if-you-disable-third-party-cookies/">http://blog.kerika.com/googleuserconten ... y-cookies/</a><!-- m --> states "Recently, Google has started storing images in a new domain, called googleusercontent.com. This domain is used for a variety of purposes, including cached copies of websites visited by the Google search engine, but the general purpose of this domain appears to be to store static content: i.e. content that is not expected to change." However, its not clear to me what "Epidata.google.googleusercontent.com:443" would have to do with a connection to POP or IMAP account. That sounds more like something that might occur when trying to open a remote image for a HTML message using HTTPS.


Thanks for your help. I forgot to include the following description of when this problem first arose for me, which may help diagnose the problem.
When the change in Google's Caldav was announced last year I read the instructions at http://blog.mozilla.org/calendar/2013/0 ... -calendars, and I did what I was told and inserted the following string into my Thunderbird 31 (I no longer remember how or where): "apidata.google.googleusercontent.com:443". Now when I launch Thunderbird I get the messages: "Add security exception: You are about to override how TB identifies this site.".

tanstaafl
Moderator

User avatar
 
Posts: 47309
Joined: July 30th, 2003, 5:06 pm

Post Posted August 17th, 2014, 10:13 pm

https://developers.google.com/google-ap ... v/v2/guide

If you did this last year you weren't running Thunderbird 31 then, and it worked for at least half a year. I don't know enough about the CalDAV endpoint to help you, I use ReminderFox as my calendar add-on, not Lightning. I suggest you ask for help in the Calendar forum on this web site about what to do about "apidata.google.googleusercontent.com:443" creating a security exception. If you do that please post a link to that thread so that I can see what calendar experts like ssitter say about it. I didn't find any recent posts in that forum about certificate/security exceptions problems with Google.

See if any of the comments near the end of https://bugzilla.mozilla.org/show_bug.cgi?id=920755 help

Return to Thunderbird Support


Who is online

Users browsing this forum: No registered users and 2 guests