Closed Bug 178031 Opened 22 years ago Closed 22 years ago

Mail is unable to accept site certificate permanently

Categories

(Core Graveyard :: Security: UI, defect, P3)

Product:
Core Graveyard
Component:
Security: UI
Version:
1.0 Branch
Type:
defect

Tracking

(Not tracked)

Status:
VERIFIED DUPLICATE of bug 175225

People

(Reporter: gilead, Assigned: ssaux)

References

(
URL
)

Details

(Whiteboard: dupeme) 

I use SSL to connect to two sites on which I have POP3 mail accounts. Mozilla
refuses to accept their certificates when asked to do so permanently (ie. after
choosing 'accept certificate permanently' it displays the same popup window
again). Accepting certificate for single session works well.

This bug is present in Mozilla for as long as I can remember but I decided to
fill this bug report after seeing nicely redesigned popup window in build
2002110108 asking for certificate acceptance. This means someone is working on
it but this bug is still there.

Big thanks to entire Mozilla team for awesome work!

Max
-> PSM
Assignee: mstoltz → ssaux
Component: Security: General → Client Library
Product: MailNews → PSM
Version: other → unspecified
OS: Linux → All
Priority: -- → P3
Hardware: PC → All
Whiteboard: dupeme
Version: unspecified → 2.4
Reporter, do you have FIPS enabled? Edit>Prefs>Privacy>Certificates>Manage
security devices. If so, try disabling it. Bug 150697
Also, check to see if you have a master password setup.
Edit>Prefs>Privacy>Master Passwords>Change Password. If you don't have a
password setup, create one and try the saving the cert from the mail account again.
If neither of the above work, then if possible, can you send the name of the pop
server in case there is a problem with the server's certificate?
Status: UNCONFIRMED → NEW
Ever confirmed: true
FIPS was disabled, there were no master password.

I tried enabling FIPS which made things only worse (Could not establish an
encrypted connection because certificate presented by [mail server address here]
is invalid or corrupted. Error Code: -8182). Disabling it again restored the
previous state.

Setting master password didn't change anything.

Mail servers I'm using are: mail.linart.krakow.pl and yellow.dyndns.org. If you
need more data please ask.
mail.linart.krakow.pl and yellow.dyndns.org both have the same issuer and issuee
data, and a serial number of 00, and probably were issued by plesk.com. Marking
dupe of bug 175225, which is a regression and nsbeta1+.

*** This bug has been marked as a duplicate of 175225 ***
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → DUPLICATE
Verified duplicate. What I'm finding is that this type of cert (matching issuer 
and issuee and serial number 00) is just like the self-signed cert I created on 
my Apache server on Redhat 7.2. There must be a lot of this type of cert out 
there.
Status: RESOLVED → VERIFIED
There is no specific certificate issued by anyone at my server (I'm owner of
yellow.dyndns.org) and I don't want to have one (or at least don't want to
bother with it right now).

I strongly believe that Mozilla should remember ANY certificate the server
presents to it and notify user that such certificate is not valid.

Or let someone invent better solution but please remove this annoying popup - I
just want to receive my email.

Regards,
Max
Product: PSM → Core
Version: psm2.4 → 1.0 Branch
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.