self-signed imap certs don't work

UNCONFIRMED
Unassigned

Status

SeaMonkey
General
--
major
UNCONFIRMED
4 years ago
4 years ago

People

(Reporter: Miles Fidelman, Unassigned)

Tracking

SeaMonkey 2.31 Branch
x86
Mac OS X

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

4 years ago
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:34.0) Gecko/20100101 Firefox/34.0 SeaMonkey/2.31
Build ID: 20141202221228

Steps to reproduce:

Generated new self-signed IMAP certificate on server.
Tried to read mail.


Actual results:

Received certificate exception dialog box.
"Confirm Exception" box and button were greyed out.


Expected results:

Should have been allowed to confirm the exception.
Note: Previously reported (by others) as a Thunderbird bug, and apparently fixed (reports are closed, my copy of Thunderbird works properly).  It seems that this fix has not propagated to SeaMonkey.
See bug reports : 	1036338 1063315 1067440 1088073
(Reporter)

Comment 1

4 years ago
I expect this will be a major inconvenience to many - in that this is the time of year that many update their server certs.
Severity: normal → major

Comment 2

4 years ago
This is sounding similar to bug 1122239, which I reported. Maybe a dup?
(Reporter)

Comment 3

4 years ago
1122239 does look like a duplicate (reported later than this one - same issues).

It looks like the underlying bug was fixed for Thunderbird, but the fix hasn't made it to SeaMonkey.  Kind of an issue in that it's the time of year when certificates expire and get renewed.

Found a workaround: Since we run our own mail server, and update the certs ourselves, I set up an openssl Certificate Authority, and signed the key, installed the root certificate into SeaMonkey, and all is good.  Kind of a pain, though.

If anybody wants to do this themselves, note that UW-IMAP certificates have to have the private key combined with the cert.  (See http://gagravarr.org/writing/openssl-certs/ for a really good reference.)

Comment 4

4 years ago
(In reply to Miles Fidelman from comment #3)
> 1122239 does look like a duplicate (reported later than this one - same
> issues).
> 
> It looks like the underlying bug was fixed for Thunderbird, but the fix
> hasn't made it to SeaMonkey.  Kind of an issue in that it's the time of year
> when certificates expire and get renewed.

I have also tried this on TB 34.0 beta and it still doesn't work right. I have yet to see TB 35.0 beta make it out but it appears now that it's being skipped in favor or a 36.0 beta. I have a nagging suspicion it's more related to bug 1080601 since, in my case, cbeyond.com was bought but birch.com and maybe they bungled the IP from where the cert is supposed to be coming from.
You need to log in before you can comment on or make changes to this bug.