TB doesn't show me a pop-up with a warning about expired certificate for IMAPS and I can't add a security exception
Categories
(Thunderbird :: Account Manager, defect)
Tracking
(Not tracked)
People
(Reporter: orazio.catucci, Unassigned)
References
Details
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.104 Safari/537.36
Steps to reproduce:
Server's certificate was expired.
Actual results:
TB doesn't show me a pop-up with a warning about that for IMAPS and I can't add a security exception. At the same time I get a popup window for SMTPS so I can add exception. In the end I can send email but I can't read the new ones.
Reporter | ||
Comment 1•3 years ago
|
||
I was also tried to add exclusion manually in this way
servername:993
But TB answer "impossible to retrieve". If I try to get certificate in this way:
https://servername:443
I get certificate but the exclusion doesn't work and IMAPS session can't come up.
Comment 2•3 years ago
|
||
It should be working for IMAP as well. Must be something else special with the invalid certificate.
Comment 3•3 years ago
|
||
Also have the same issue with self-signed mail server certificate and cannot add security exception for the certificate, because the prompt for adding the exception does not show up. Use TB 78.8 and 78.9. Also confirm the exception cannot be added manually from Certificate Manager if use 'mail.serverdomain.com:993', following message is displayed 'No information available. Unable to obtain identification status for this site'.
I have found 2 workarounds which let you add the security exception:
Workaround 1) :
The email domain (let's say example.com) must be the same as mail server address (means you specify mail server address example.com not mail.example.com) and the Common name in the self-signed certificate. This is not very flexible configuration and can be applied only for few lucky ones
Workaround 2):
- go to Options > Composition > Addressing
- Check Directory server and Edit Directories > Add new
- set name to: 'fakeLdapDirectory'
specify server address: mail.mydomain.com
Base DN: cn=base
Check 'Use secure connection(SSL)'
set port: 993
Bind DN: cn=user,cn=base
Base and Bind DN does not need to exist, cn=user,cn=base will doe the trick. Click OK, close Edit connections dialog. - Select directory server in the list
- Go to Inbox Tab > Address Book
Select fakeLdapDirectory in the list and type something into the search input on top right. If asked for password type anything e.g. 'letMeIn'
You should get 'confirm certificate exception dialog', confirm it, now mail messages should be downloadable
I just ran into the same issue.
For me the work-around in https://stackoverflow.com/a/63952132/1039973 worked:
- Add a string configuration
network.security.ports.banned.override
with the value993
- Download the certificate manually using the Certificate Manager using
https://your-server:993
- Add as an exception
So I just deleted and re-added the account.
On account creation the certificate exception is added automatically without any notice or pop-up. This seems like a privacy issue to me, no?
When I delete the exception from the Certificate Manager or the certificate expires or the certificate changes on the server side I don't get any notification and TB hangs on "Checking capabilities of the server" (translated back from German).
FTR: I am on TB 78.10.0.
(In reply to kg from comment #5)
So I just deleted and re-added the account.
On account creation the certificate exception is added automatically without any notice or pop-up. This seems like a privacy issue to me, no?
I am sorry, I got confused on that one. I still had the exception in place after deleting the account.
Comment 7•3 years ago
|
||
I can confirm this issue. Certificates are expired, but I cannot add exception.
I have tried adding an exception, but Thunderbird claims that it cannot find server information. But I can use curl -vvv
and can clearly see a certificate was fetched.
I confirm that bug and another bug for STARTTLS with another solution
https://bugzilla.mozilla.org/show_bug.cgi?id=1765757
Description
•