This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Insecure connection error message on MAC

  • 11 cavab
  • 1 has this problem
  • 7 views
  • Last reply by sfhowes

more options

Can't get or send any messages in TB, just get the error message below. I read a solution to this for windows but I have a macbook pro using OS X.11.6...all help gratefully appreciated!

Secure connection failed

live.mozillamessaging.com uses an invalid security certificate. The certificate is not trusted because the issuer certificate is unknown. The server might not be sending the appropriate intermediate certificates. An additional root certificate may need to be imported. Error code: <a id="errorCode" title="SEC_ERROR_UNKNOWN_ISSUER">SEC_ERROR_UNKNOWN_ISSUER</a>

Can't get or send any messages in TB, just get the error message below. I read a solution to this for windows but I have a macbook pro using OS X.11.6...all help gratefully appreciated! Secure connection failed live.mozillamessaging.com uses an invalid security certificate. The certificate is not trusted because the issuer certificate is unknown. The server might not be sending the appropriate intermediate certificates. An additional root certificate may need to be imported. Error code: <a id="errorCode" title="SEC_ERROR_UNKNOWN_ISSUER">SEC_ERROR_UNKNOWN_ISSUER</a>

All Replies (11)

more options

The advice given here suggests that deleting the cert8.db file should resolve this problem. Select Help/Troubleshooting Information, click Open Folder to open the profile folder in your system's file manager, close TB, then delete the cert8.db file.

more options

Hi, i deleted the file, removed it from trash so it was definitely not on my mac. Rebooted, the rogue file us back! Have tried several times...do you know the source of this file?

more options

The cert8.db file will be automatically recreated in an uncorrupted form, but if you still have the problem, I wonder if you have a security or antivirus program scanning email that is interfering with the process. Do you use a program like Avast with an active Mail Shield?

more options

Hi, no programs like avast only security i have is thru mac updates...

more options

Do you get a dialog with the error with a view button on it? If so view the certificate. Who issues it? Who is it issued to?

more options

Hi, not receiving any dialogue box, just the insecure connection, put in password message. When i enter the pw, which is def correct, it just keeps rejecting it...thanx for your help. Was wondering if i need to uninstall TB and reinstall?

more options

Reinstalling TB probably won't help unless you have a very old version (latest is 52.8). Is it possible you have the wrong security settings for the mail account? Help/Troubleshooting Information, click 'Copy text to clipboard', paste into a reply here, and omit all printer and font data.

more options

Hi, didn't delete printer / data files as not exactly sure which ones they are...hope this sheds some light on the problem? Best, Brian


 Application Basics
   Name: Thunderbird
   Version: 52.8.0
   User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:52.0) Gecko/20100101 Thunderbird/52.8.0
   Profile Folder: Show in Finder
   Application Build ID: 20180516145259
   Enabled Plugins: about:plugins
   Build Configuration: about:buildconfig
   Memory Use: about:memory
   Profiles: about:profiles
 Mail and News Accounts
   account2:
     INCOMING: account2, , (none) Local Folders, plain, passwordCleartext
   account4:
     INCOMING: account4, , (imap) imap.googlemail.com:993, SSL, passwordCleartext
     OUTGOING: , smtp.googlemail.com:465, SSL, passwordCleartext, true
   account5:
     INCOMING: account5, , (imap) imap.googlemail.com:993, SSL, passwordCleartext
     OUTGOING: , smtp.googlemail.com:465, SSL, passwordCleartext, true
   account8:
     INCOMING: account8, , (imap) mail.btinternet.com:993, SSL, passwordCleartext
     OUTGOING: , mail.btinternet.com:465, SSL, passwordCleartext, true
   account10:
     INCOMING: account10, , (imap) imap.talktalk.net:143, alwaysSTARTTLS, passwordCleartext
     OUTGOING: , smtp.talktalk.net:587, alwaysSTARTTLS, passwordCleartext, true
 Crash Reports
   https://crash-stats.mozilla.com/report/index/bp-510ef513-c732-4aa2-94d2-a1d122170130 (30/01/2017)
   https://crash-stats.mozilla.com/report/index/bp-059be0f9-0d4a-4cbd-8e8a-0d5362150924 (24/09/2015)
   https://crash-stats.mozilla.com/report/index/bp-8752c159-948a-45e2-889e-c44a12140905 (05/09/2014)
   https://crash-stats.mozilla.com/report/index/bp-c00f40d9-0145-4a50-883e-7173c2121008 (08/10/2012)
 Extensions
   Lightning, 5.4.8, true, {e2fda1a4-762b-4020-b5ad-a41df1933103}
 Important Modified Preferences
   Name: Value
     browser.cache.disk.capacity: 358400
     browser.cache.disk.filesystem_reported: 1
     browser.cache.disk.smart_size_cached_value: 358400
     browser.cache.disk.smart_size.first_run: false
     browser.cache.disk.smart_size.use_old_max: false
     extensions.lastAppVersion: 52.8.0
     font.internaluseonly.changed: false
     font.size.variable.x-western: 11
     mail.openMessageBehavior.version: 1
     mail.spotlight.enable: true
     mail.spotlight.firstRunDone: true
     mail.spotlight.global_reindex_time: 1302689138
     mailnews.database.global.datastore.id: ba3b92a0-19d7-144a-9ef8-a7428447774
     mailnews.database.global.views.conversation.columns: {"threadCol":{"visible":true,"ordinal":"3"},"flaggedCol":{"visible":true,"ordinal":"5"},"attachmentCol":{"visible":false…
     mailnews.database.global.views.global.columns: {"threadCol":{"visible":true,"ordinal":"1"},"flaggedCol":{"visible":true,"ordinal":"3"},"attachmentCol":{"visible":false…
     media.gmp.storage.version.observed: 1
     network.cookie.cookieBehavior: 3
     network.cookie.prefsMigrated: true
     network.predictor.cleaned-up: true
     places.database.lastMaintenance: 1530191471
     places.history.expiration.transient_current_max_pages: 69377
     plugin.importedState: true
     print.macosx.pagesetup-2: PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4KPCFET0NUWVBFIHBsaXN0IFBVQkxJQyAiLS8vQXBwbGUvL0RURCBQTElTVCAxLjAvL0VO…
     privacy.donottrackheader.enabled: true
     security.sandbox.content.tempDirSuffix: {dd280102-92d4-4945-be13-6dd37784d8d3}
 Graphics
     GPU #1
     Vendor ID: 0x10de
     Device ID: 0x08a0
     Features
     WebGL Renderer: NVIDIA Corporation -- NVIDIA GeForce 320M OpenGL Engine -- 2.1 NVIDIA-10.0.52 310.90.10.05b46
     AzureCanvasBackend: skia
     AzureCanvasAccelerated: 0
     AzureFallbackCanvasBackend: none
     AzureContentBackend: skia
     TileHeight: 512
     TileWidth: 512
 JavaScript
 Incremental GC: 1
 Accessibility
   Activated: 0
   Prevent Accessibility: 0
 Library Versions
     Expected minimum version
     Version in use
     NSPR
     4.13.1
     4.13.1
     NSS
     3.28.6
     3.28.6
     NSS Util
     3.28.6
     3.28.6
     NSS SSL
     3.28.6
     3.28.6
     NSS S/MIME
     3.28.6
     3.28.6
more options

Your server settings look generally OK. I found a couple of discussions related to this error. The first one involves a 3rd-party program, BrowserSafeguard, that probably is Windows-only. But the second one looks more applicable to your error message {"....additional root certificate may need to be imported..."). Open Preferences/Advanced/Certificates and follow the instructions.

more options

Hi, I've fiddled with options in Advanced preferences, getting a message to enter password for mail server...Have entered my password...I know it's correct because it gets me into gmail...keeps being rejected...The odd email is still arriving but I can't compose / send...

more options

For Gmail, I suggest you use imap.gmail.com on port 993 for the incoming server, SSL/TLS security, authentication = OAuth2, User name = full address. For the outgoing server, smtp.gmail.com on port 587, STARTTLS security, authentication = OAuth2, User name = full address. Set each gmail account to send through the smtp server with the user name/password for that account.

Make sure less-secure apps are allowed in your Google settings, and that cookies for google.com are not blocked in Preferences/Privacy.

http://kb.mozillazine.org/Using_Gmail_with_Thunderbird_and_Mozilla_Suite