This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

How do I accept a new ssl certificate in Thunderbird?

  • 7 odgovori
  • 1 ima ovaj problem
  • 107 views
  • Posljednji odgovor poslao Matt

more options

7.15.15 I cannot get or send email on my laptop as of two days ago. - Neither of the "Configuration Options for Certificates" worked to bring in the certificate I use that allows sending/receiving email. Under "Digital Signing" or "Encryption" when I press "Select" to select a certificate, I get the pop-up message "Certificate Manager can't locate a valid certificate...". When I press "View Certificates" the certificate I use is listed under "Servers" and "Authorities" and is up to date. - Also, under Tools - Options - Advanced - Certificates for: "When a server asks for my personal certificate", I've selected "Ask me every time" and to the left of "Query OSCP responder servers to confirm...", the box is checked.

I believe this issue is related to accepting a new ssl certificate that was recently renewed. I've never had this issue before. How do I trigger accepting a new certificate?

Thank you.

7.15.15 I cannot get or send email on my laptop as of two days ago. - Neither of the "Configuration Options for Certificates" worked to bring in the certificate I use that allows sending/receiving email. Under "Digital Signing" or "Encryption" when I press "Select" to select a certificate, I get the pop-up message "Certificate Manager can't locate a valid certificate...". When I press "View Certificates" the certificate I use is listed under "Servers" and "Authorities" and is up to date. - Also, under Tools - Options - Advanced - Certificates for: "When a server asks for my personal certificate", I've selected "Ask me every time" and to the left of "Query OSCP responder servers to confirm...", the box is checked. I believe this issue is related to accepting a new ssl certificate that was recently renewed. I've never had this issue before. How do I trigger accepting a new certificate? Thank you.

Izabrano rješenje

No you can not communicate with that server using a current Mozilla product. In a short while you will not be able co interact with it with any product. The server operator/admin needs to fix their server to issue 1024 bit certificates or better. Or stop using TLS.

The best explanation of this change and it's cause I have seen is here https://weakdh.org/ (right at the bottom of the page. is the what you need to do stuff)

In essence the server has not has a serious security flaw patched and Mozilla products have been modified to not interact with servers that have not patched the vulnerability. The vulnerability leaves you open to man in the middle hacking attack.

Pročitajte ovaj odgovor sa objašnjenjem 👍 1

All Replies (7)

more options

What kind of cert are you talking about? A user cert which you use to sign messages and what allows other people sending you encrypted messages? Or a server cert for your email provider server?

I've never had this issue before.

What is the issue in the first place?

more options

Thanks for your response and questions. My answers: Kind of server I'm referring to: a server cert for my email provider server The issue: Not being able to send/receive emails

more options
more options

I don't have a screenshot of an error because my email send/receive suddenly just stopped. I did look at the error console under Tools. Please see the image attached.

Thank you, again.

more options

Odabrano rješenje

No you can not communicate with that server using a current Mozilla product. In a short while you will not be able co interact with it with any product. The server operator/admin needs to fix their server to issue 1024 bit certificates or better. Or stop using TLS.

The best explanation of this change and it's cause I have seen is here https://weakdh.org/ (right at the bottom of the page. is the what you need to do stuff)

In essence the server has not has a serious security flaw patched and Mozilla products have been modified to not interact with servers that have not patched the vulnerability. The vulnerability leaves you open to man in the middle hacking attack.

more options

Thank you so much for being so knowledgeable and taking the time out of your day to provide the answer. So appreciated.

more options

--UPDATE-- Following discussion here. it Looks like there is a workaround available.through installing an add-on.