Closed Bug 1441427 Opened 7 years ago Closed 6 years ago

Cannot Send Email - TBird 60 claims SMTP Server cert is invalid

Categories

(Thunderbird :: Security, defect)

x86_64
Windows 10
defect
Not set
normal

Tracking

(Not tracked)

RESOLVED WORKSFORME

People

(Reporter: WoofGrrrr, Unassigned)

References

Details

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:58.0) Gecko/20100101 Firefox/58.0 Build ID: 20180206200532 Steps to reproduce: i tried to send an email For over 10 years, my ISP's SMTP server has been smtp.1and1.com:587 Actual results: Thunderbird Daily 60.0a1 (2018-02-26 64-bit) claims that my ISP's SMTP Server's certificate is invalid. This is the most-recent release of DAILY, installed yesterday. It prevents me from sending outgoing email. I get a dialog with the title "Add Security Exception". The dialog says that the site with location smtp.1and1.com:587 "attempts to identify itself with invalid information. " It also says "Unknown Identity" and "The certificate is not trusted because it hasn't been verified as issued by a trusted authority using a secure signature." When I switch to the most-recent release of Thunderbird - 52.6.0 (32-bit), there is no such problem. Expected results: My email should have been sent with no problem
This continues to be a problem with today's release of DAILY 60.0a1 (2018-02-27 64-bit) GEE, it would be so nice if I could copy and paste the following info from the DAILY Certificate Viewer Dialog!!! SSL Certificate Hierarchy: thawte Primary Root CA thawte SSL CA - G2 smtp.1and1.com Serial Number: 5D:E6:0C:18:CE:F1:E6:9C:CE:5A:DD:58:3C:F4:5B:D4
OS: Unspecified → Windows 10
Hardware: Unspecified → x86_64
Difficult issue. Certificate handling in Thunderbird is mostly done by Mozilla core software (also used in Firefox). Apparently something has changed in this handling between TB 52 and TB 60. Usually I recommend trying an equivalent case in Firefox. Maybe you could export the certificate and import it into FF to see what happens.
(In reply to Jorg K (GMT+1) from comment #2) > Difficult issue. Certificate handling in Thunderbird is mostly done by > Mozilla core software (also used in Firefox). Apparently something has > changed in this handling between TB 52 and TB 60. > > Usually I recommend trying an equivalent case in Firefox. Maybe you could > export the certificate and import it into FF to see what happens. Mark what are your results with this?
Flags: needinfo?(bugzilla.mozilla.org)
Component: Untriaged → Security
I don't know how to so what you ask. Also, how do I test the cert they use for SMTP, but from Firefox? I finally just gave up and accepted the exception.
Mark, How long before Feb 26 had you been using daily before reporting the bug?
Summary: Cannot Send Email - TBird Daily claims SMTP Server cert is invalid → Cannot Send Email - TBird 60 claims SMTP Server cert is invalid
(In reply to Mark Barnes from comment #4) > I don't know how to so what you ask. First see whether there is an import error in Firefox. 1. In Thunderbird, tools > options > advanced > certificates > manage certificates > pick the cert and do Export 2. In Firefox, tools > options > privacy > view certificates > pick Import > Also, how do I test the cert they use for SMTP, but from Firefox? Jorg, what did you have in mind?
Flags: needinfo?(jorgk)
See Also: → 1448904
About what you said, export from TB, import in FF. I recently had a certificate error when the certificate was issued for gmx.com, but TB was configured to use gmx.es. If the error is what you mentioned in comment #0, "The certificate is not trusted because it hasn't been verified as issued by a trusted authority using a secure signature.", then you really need to see who issued it. Any hints on Google with others at 1and1 having a similar problem?
Flags: needinfo?(jorgk)

The problem was with Daily only.

I have just deleted the certificate exception, sent myself an email, and the problem no longer exists

Flags: needinfo?(bugzilla.mozilla.org)
Status: UNCONFIRMED → RESOLVED
Closed: 6 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.