v. 3 Help: Cannot Bypass Invalid Certificate Warning

Discussion about official Mozilla Thunderbird builds
Locked
lucite
Posts: 28
Joined: December 11th, 2003, 10:30 am

v. 3 Help: Cannot Bypass Invalid Certificate Warning

Post by lucite »

version 3.0a1pre (2008042803)

I've searched the forums & Google for 4 hours for a workaround, but no luck.

Help! :)

I'm trying to securely download mail from an account which uses a shared SSL certificate. Thus my IMAP domain name is different than the one the SSL certificate is authorized for, and TB rightly tells me so:

mail.mydomain.com:993 uses an invalid security certificate.
The certificate is only valid for the following names:
*nocdirect.com , nocdirect.com
(Error code: ssl_error_bad_cert_domain)

Problem is that whereas in v.2 of TB I can bypass/accept this; in v.3 it gives me no way to ignore this alert (and I fail to retrieve mail).

I really need to use v.3 for other stuff. I've tried adding an Exception for mail.mydomain.com in the Servers tab of the Certificate Manager, but that doesn't fix it.

Can someone kindly explain how to fix this - it appears to be a problem a number of people are having.

Thanks
Top
User avatar
kmc
Posts: 332
Joined: October 19th, 2007, 3:01 am
Location: China

Post by kmc »

Me too have the same problem, my University's mail server is changing and they didn't put a valid certificate in the new SSL location, so I cannot add an exception like before. Anyway I'm sure about the issuer, so can I bypass this check?

And will Thunderbird act like Firefox giving the "or add an exception" option to user when the same thing happens?

Thx
Growing up with Firefox
Top
User avatar
JoeS
Posts: 2337
Joined: June 8th, 2003, 9:15 am

Post by JoeS »

See:
# 431819 [Core] - IMAP/POP/SMTP/LDAP with SSL client auth, Thunderbird repeatedly prompts for client certificate [All]
JoeS Testing current Thunderbird trunk builds WinXP SP2+
news://news.mozilla.org.mozilla.test.multimedia How to Post
Top
User avatar
therearenoteams
Posts: 168
Joined: August 12th, 2004, 5:46 am
Location: Pittsburgh, PA

Post by therearenoteams »

JoeS wrote:See:
# 431819 [Core] - IMAP/POP/SMTP/LDAP with SSL client auth, Thunderbird repeatedly prompts for client certificate [All]

The issue reported in this thread seems related but different. Thunderbird isn't trying to get my identity. When I enable SSL for this IMAP server and attempt to connect, I get:

Code: Select all

server:993 uses an invalid security certificate.
The certificate is not trusted because the issuer certificate is not trusted.
(Error code: sec_error_untrusted_issuer)
   [OK]

I can't set Thunderbird to accept this certificate (which, by the way, is from the School of Computer Science at Carnegie Mellon in the US). Seems Thunderbird needs the "Add an exception" UI that Firefox 3 now uses.
Top
leepa
Posts: 32
Joined: April 12th, 2006, 9:45 am
Location: Poland

Re: v. 3 Help: Cannot Bypass Invalid Certificate Warning

Post by leepa »

Using a hint from this post (thanks a lot bpat1434):

Go to Tools -> Options -> Advanced -> Certificates -> Show certificates -> Servers tab

Add an exception using your mail server name and port. In your example it will be

Code: Select all

server:993
without specifying the protocol (no http, https, imaps, etc) - just server address, colon and port number.

Confirm the security exception and it should work fine. It worked for me :)

PS. tested on Shredder 3.0a2
Leepa
Top
Locked

Return to “Thunderbird Builds”