Certificate Exception

User Help for Mozilla Thunderbird
Post Reply
ddavies
Posts: 2
Joined: April 22nd, 2013, 8:43 am

Certificate Exception

Post by ddavies »

Thunderbird has been working fine and then this morning I got a certificate exception error message. It says this site imap.googlemail.com:993 attempts to validate itself with invalid information. I did not change anything. How do I correct this problem?
User avatar
LIMPET235
Moderator
Posts: 39932
Joined: October 19th, 2007, 1:53 am
Location: The South Coast of N.S.W. Oz.

Re: Certificate Exception

Post by LIMPET235 »

Moving to Thunderbird Support...
[Ancient Amateur Astronomer.]
Win-10-H/64 bit/500G SSD/16 Gig Ram/450Watt PSU/350WattUPS/Firefox-115.0.2/T-bird-115.3.2./SnagIt-v10.0.1/MWP-7.12.125.

(Always choose the "Custom" Install.)
idiota
Posts: 2
Joined: April 26th, 2013, 3:35 pm

Re: Certificate Exception

Post by idiota »

I have exactly the same problem, it just started this morning.

I made sure that SSL is off so Avast is happy. Then I closed Thunderbird, deleted my profile folder in %APPDATA%, tried to set up the account again - same problem. I uninstalled and reinstalled, start setting up my account, it accepts my gmail username/password then the error pops up: "Add security exception. You are about to override how Thunderbird identifies this site, imap.googlemail.com:993 attempts to validate itself with invalid information"

This totally stops me from using Thunderbird after I have been a happy customer for several years. I agree with ddavies this came out of nowhere and I did not change anything.

Sorry Moderator LIMPET235 your reply is a bit cryptic. Are you getting someone to look at this? Does anyone else have the same problem?
Donna_T
Posts: 1
Joined: April 27th, 2013, 10:06 am

Re: Certificate Exception

Post by Donna_T »

I am also having this problem, I recently updated to Thunderbird 17.0.5 and thought this might be the problem so I removed the newer program & installed the older one but the pop up still happens. And it's doing it in the middle of when I'm typing out e-mails. For me this has been happening since Wednesday 4/24/13
johnjmouse
Posts: 8
Joined: March 16th, 2013, 4:10 am

Re: Certificate Exception

Post by johnjmouse »

I too, am having this problem on Thunderbird 17.0.5. Can we please have an answer to this problem? I use TB for three email accounts for business.
idiota
Posts: 2
Joined: April 26th, 2013, 3:35 pm

Re: Certificate Exception

Post by idiota »

Donna_T,

I just discovered that the latest avast anti-virus no longer requires us to disable SSL in thunderbird. Don't know if that's what you are using, but.... I just deleted my profile folder and re created my accounts with SSL on (as it does by default) and the problem seems to have gone away. I hope that helps you guys?

*************
BORE, n. A person who talks when you wish him to listen.
- "The Devil's Dictionary", by Ambrose Bierce
pablompalermo
Posts: 1
Joined: April 30th, 2013, 1:24 pm

Re: Certificate Exception

Post by pablompalermo »

Im having the same problem. Though it was due to gmail double identification process, so I turned it out.
Then re-installed Thunderbird; deleted and re-opened my gmail account onto the browser. But nothing happens I just cannot conect to imap.googlemail.com:993 (also tryed imap.gmail.com and nothing)
Windows 7 / TB 17.0.5 / Nod32 Antivirus + FW

...also chequed the AV exception and nothing seems to be blocking gmail imap ... If this continues Ill have to quit using Thunderbird and Im really an old user

Please helpppppppppppp
bosko
Posts: 1
Joined: July 26th, 2005, 9:06 am

Re: Certificate Exception

Post by bosko »

I'm also having this issue since the 28th. (W7, TB version 17.0.5)

Not using Avast, using CA Total Defense for AV.
mgagnonlv
Posts: 848
Joined: February 12th, 2005, 8:33 pm

Re: Certificate Exception

Post by mgagnonlv »

It's actually very simple but confusing. Click on "view certificate" and you'll know who owns the certificate.

You are calling "imap.googlemail.com". However, it seems to use a certificate that is signed "mail.google.com" (at least, that's what I have). Therefore, Thunderbird complains that you are trying to install a certificate that might not be the proper one. So once you confirm the exception, you'll be OK for 1 or 2 years.

On the other hand, if you see that the certificate is owned by "thisCrookedCompany.com", then run away as fast as you can.
Michel Gagnon
Montréal (Québec, Canada)
PegM_4
Posts: 76
Joined: July 25th, 2008, 4:26 am

Re: Certificate Exception

Post by PegM_4 »

mgagnonlv wrote:It's actually very simple but confusing. Click on "view certificate" and you'll know who owns the certificate.

You are calling "imap.googlemail.com". However, it seems to use a certificate that is signed "mail.google.com" (at least, that's what I have). Therefore, Thunderbird complains that you are trying to install a certificate that might not be the proper one. So once you confirm the exception, you'll be OK for 1 or 2 years.

On the other hand, if you see that the certificate is owned by "thisCrookedCompany.com", then run away as fast as you can.


Thanks. I also started getting this message this morning. It was Avast as someone else suggested. Appreciate the info on how to handle it.

PegM =D>
Xenophile
Posts: 38
Joined: September 6th, 2004, 3:44 pm
Location: New York

Re: Certificate Exception

Post by Xenophile »

PegM_4 wrote:
mgagnonlv wrote:It's actually very simple but confusing. Click on "view certificate" and you'll know who owns the certificate.

You are calling "imap.googlemail.com". However, it seems to use a certificate that is signed "mail.google.com" (at least, that's what I have). Therefore, Thunderbird complains that you are trying to install a certificate that might not be the proper one. So once you confirm the exception, you'll be OK for 1 or 2 years.

On the other hand, if you see that the certificate is owned by "thisCrookedCompany.com", then run away as fast as you can.


Thanks. I also started getting this message this morning. It was Avast as someone else suggested. Appreciate the info on how to handle it.

PegM =D>
I too have "the certificate problem" but my OS is Windows 8.1! Should the security certificate work for Win8.1? My TB is 31. My certificate reads "Epidata.google.googleusercontent.com:443". It says it was issued to "Google Internet Authority G2" and verified for "SSL Silver Certificate". This is all GobbledyGoogle :? to me but clearly something is amiss! Any help would be appreciated as this has been a nuisance since I got the new Lenovo Yoga Pad a year ago.
User avatar
tanstaafl
Moderator
Posts: 49647
Joined: July 30th, 2003, 5:06 pm

Re: Certificate Exception

Post by tanstaafl »

See http://www.avast.com/en-eu/faq.php?arti ... 1#artTitle . You may have run into a problem due to upgrading from Avast 7.x to Avast 2014. They changed how they scan email over SSL connections. It used to require you to connect to a 127.0.0.1/localhost proxy (or disable SSL so that you did not use a secure connection). They now do a benign MITM (man in the middle) attack. viewtopic.php?p=13697621#p13697621

Among other things you will need to import a Mail Shield certificate to the Mozilla Thunderbird certificate store. If you did a fresh installation of Avast 2014 (not a upgrade to it) see http://kb.mozillazine.org/SSL_Security_Error . In that case your problem might have nothing to do with Avast!.

https://pki.google.com/ contains information on Google Internet Authority G2, Google’s intermediate CA which issues digital certificates for Google web sites and properties. http://blog.kerika.com/googleuserconten ... y-cookies/ states "Recently, Google has started storing images in a new domain, called googleusercontent.com. This domain is used for a variety of purposes, including cached copies of websites visited by the Google search engine, but the general purpose of this domain appears to be to store static content: i.e. content that is not expected to change." However, its not clear to me what "Epidata.google.googleusercontent.com:443" would have to do with a connection to POP or IMAP account. That sounds more like something that might occur when trying to open a remote image for a HTML message using HTTPS.
Xenophile
Posts: 38
Joined: September 6th, 2004, 3:44 pm
Location: New York

Re: Certificate Exception

Post by Xenophile »

tanstaafl wrote:See <!-- m --><a class="postlink" href="http://www.avast.com/en-eu/faq.php?article=AVKB91#artTitle">http://www.avast.com/en-eu/faq.php?arti ... 1#artTitle</a><!-- m --> . You may have run into a problem due to upgrading from Avast 7.x to Avast 2014. They changed how they scan email over SSL connections. It used to require you to connect to a 127.0.0.1/localhost proxy (or disable SSL so that you did not use a secure connection). They now do a benign MITM (man in the middle) attack. <!-- l --><a class="postlink-local" href="http://forums.mozillazine.org/viewtopic.php?p=13697621#p13697621">viewtopic.php?p=13697621#p13697621</a><!-- l -->

Among other things you will need to import a Mail Shield certificate to the Mozilla Thunderbird certificate store. If you did a fresh installation of Avast 2014 (not a upgrade to it) see <!-- m --><a class="postlink" href="http://kb.mozillazine.org/SSL_Security_Error">http://kb.mozillazine.org/SSL_Security_Error</a><!-- m --> . In that case your problem might have nothing to do with Avast!.

<!-- m --><a class="postlink" href="https://pki.google.com/">https://pki.google.com/</a><!-- m --> contains information on Google Internet Authority G2, Google’s intermediate CA which issues digital certificates for Google web sites and properties. <!-- m --><a class="postlink" href="http://blog.kerika.com/googleusercontent-com-can-trip-you-up-if-you-disable-third-party-cookies/">http://blog.kerika.com/googleuserconten ... y-cookies/</a><!-- m --> states "Recently, Google has started storing images in a new domain, called googleusercontent.com. This domain is used for a variety of purposes, including cached copies of websites visited by the Google search engine, but the general purpose of this domain appears to be to store static content: i.e. content that is not expected to change." However, its not clear to me what "Epidata.google.googleusercontent.com:443" would have to do with a connection to POP or IMAP account. That sounds more like something that might occur when trying to open a remote image for a HTML message using HTTPS.


Thanks for your help. I forgot to include the following description of when this problem first arose for me, which may help diagnose the problem.
When the change in Google's Caldav was announced last year I read the instructions at http://blog.mozilla.org/calendar/2013/0 ... -calendars, and I did what I was told and inserted the following string into my Thunderbird 31 (I no longer remember how or where): "apidata.google.googleusercontent.com:443". Now when I launch Thunderbird I get the messages: "Add security exception: You are about to override how TB identifies this site.".
User avatar
tanstaafl
Moderator
Posts: 49647
Joined: July 30th, 2003, 5:06 pm

Re: Certificate Exception

Post by tanstaafl »

https://developers.google.com/google-ap ... v/v2/guide

If you did this last year you weren't running Thunderbird 31 then, and it worked for at least half a year. I don't know enough about the CalDAV endpoint to help you, I use ReminderFox as my calendar add-on, not Lightning. I suggest you ask for help in the Calendar forum on this web site about what to do about "apidata.google.googleusercontent.com:443" creating a security exception. If you do that please post a link to that thread so that I can see what calendar experts like ssitter say about it. I didn't find any recent posts in that forum about certificate/security exceptions problems with Google.

See if any of the comments near the end of https://bugzilla.mozilla.org/show_bug.cgi?id=920755 help
Post Reply