Open Bug 1370022 Opened 7 years ago Updated 2 years ago

Thunderbird Does Not Handle "Get Certificate" Option With Self-Signed Certificates Properly

Categories: Thunderbird :: Account Manager, defect (52 Branch)
Tracking: Not tracked
Status: UNCONFIRMED
People: Reporter: thompsonl, Unassigned
Attachments: 1 file

Attached image certficiate_get.png
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
Build ID: 20170518000419

Steps to reproduce:

1. Set up a new e-mail account with Thunderbird; adding servers that have self-signed certificates has a few issues.

2. When the self-signed warning/add exception dialog automatically appears, click "Get Certificate".



Actual results:

1. It shows "This site attempts to identify itself with invalid information." 

2. It then grays out all buttons except for "Get Certificate" (which if you click again, simply repeats the same information).


NOTES:

Once in this state it will stay in this state, for this account, until Thunderbird is restarted.

If you immediately choose to "Confirm Security Exception" without clicking "Get Certificate" it adds it properly.




Expected results:

1. It should get the certificate if "Get Certificate" is clicked.
2. It should then allow "View" option.
3. It should then allow "Confirm Security Exception" option.

I've run into this exact issue. The old self-signed key on our Mercury mail server expires next week, so I self-signed a new one today. I'm using 77.0b3 and get "Sending of the message failed. The certificate is not trusted because it is self-signed. The configuration related to x must be corrected".

I go to Tools->Options, then to Privacy & Security. Scroll down to Security and Certificates. Then click on Manage Certificates. I click the Servers tab. I see my old exception that's worked fine for years x.x.x.x:25. So I delete it, click Add Exception at the bottom, put in x.x.x.x:25 and click Get Certificate. I get "No Information Available" "Unable to obtain identification status for this site". Only buttons available are "Get Certificate" and "Cancel".

I can see the logs on my mail server and hitting "Get Certificate" does NOT connect to the mail server. If I attempt to send an email, I see the STARTTLS session. I've changed the configuration between 25 and 587 and get exactly the same results. Trying to "Send" an email shows the connection on the mail server. Hitting "Get Certificate" does not show any log entries at all on the mail server. I went ahead and put TCPView on the server and my local machine and spammed the "Get Certificate" button. I see zero connection attempts. Is Get Certificate even wired up?

Since this bug was reported 3 years ago, I'm sad to see zero progress on it. There's no longer the ability "immediately choose to 'Confirm Security Exception' without clicking 'Get Certificate'" as "Confirm Security Exception" starts as disabled.

Severity: normal → S3
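
An added example, not part of the bug report or Thunderbird's code: one way to retrieve the certificate a mail server presents over SMTP STARTTLS without relying on the "Get Certificate" button, and to compare its SHA-256 fingerprint with the one read directly off the server before confirming an exception. The function names are hypothetical, and the host, port and expected fingerprint are the operator's own values supplied on the command line.

```python
import hashlib
import hmac
import smtplib
import ssl
import sys


def fetch_smtp_cert_der(host, port=587, timeout=10):
    """Return the DER certificate a server presents after SMTP STARTTLS."""
    # Chain validation is disabled on purpose: a self-signed certificate
    # cannot validate, so trust comes from the fingerprint comparison below.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            raise RuntimeError("server does not advertise STARTTLS")
        smtp.starttls(context=ctx)
        return smtp.sock.getpeercert(binary_form=True)


def fingerprint_sha256(der):
    """Colon-separated upper-case SHA-256 fingerprint of DER bytes."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalize(fp):
    """Strip separators and case so fingerprints from different tools compare."""
    return "".join(c for c in fp if c not in ": \t-").lower()


def matches_expected(der, expected_fp):
    """Constant-time comparison against a fingerprint obtained out of band."""
    return hmac.compare_digest(normalize(fingerprint_sha256(der)),
                               normalize(expected_fp))


if __name__ == "__main__":
    # Usage: script.py HOST PORT EXPECTED_SHA256_FINGERPRINT
    host, port, expected = sys.argv[1], int(sys.argv[2]), sys.argv[3]
    der = fetch_smtp_cert_der(host, port)
    print("presented:", fingerprint_sha256(der))
    ok = matches_expected(der, expected)
    print("match" if ok else "MISMATCH: do not add an exception")
    sys.exit(0 if ok else 1)
```

The expected fingerprint should come from the server itself (for example, read from the certificate file on the mail host), not from a second network fetch.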