How to get Thunderbird 78 to accept self-signed certificate?
Hi, I've just installed Thunderbird and got version 78.2.1. Now, when I try to connect to my server (which uses a self-signed certificate) instead of being prompted to confirm the exception it says "The certificate is not trusted because it is self-signed. The configuration related to my.server.com must be corrected." - but it doesn't say how. (This is for SMTP - IMAP is even worse and just seems to hang without any message.)
How do I get it to accept my self-signed certificate?
(I've tried various solutions on the web, but they all appear to related to older versions. E.g. Tools / Options / Certificate Manager / Add Exception ... but that seems to be looking for a web server and just says "Unable to obtain identification status for this site" which isn't surprising because it isn't a website.)
Todas las respuestas (6)
Replace "https://" in that dialog with the mail server's name address, e.g imap.myserver.com and smtp.myserver.com then hit the get certificate button to fetch the certificate. If memory serves me right, you could also use the ip address and port combination, e.g 172.16.0.6:993
Sorry - should have been more clear. I was indeed removing the "https://" that is in the field to start with, and entering the name of my mail server with the appropriate ports per the various sites that directed me to that area of the settings. I tried "my.server.com:25" and "my.server.com:143" (which should work for SMTP and IMAP respectively using STARTTLS) and "my.server.com:993" and "my.server.com:587" (which should work for SSL). I did also try using the server's IP address. In every case it said "Unable to obtain identification status for this site" which is what made me think it was expecting a website.
Really, when setting up the account it should just say up front that it's a self-signed certificate and give the option to accept it. Even the old way (version 68 and earlier) of having to enter the details manually then try the connection to get it to ask to confirm the exception was a long-winded way to do it.
Try using the Authorities tab to import the CA cert.
r.orrison said
Really, when setting up the account it should just say up front that it's a self-signed certificate and give the option to accept it. Even the old way (version 68 and earlier) of having to enter the details manually then try the connection to get it to ask to confirm the exception was a long-winded way to do it.
How would it know upfront that the account you're adding, is a self-hosted mail server using a self-signed certificate, and which automatic settings to use? Automatic fetching of settings happens for domains that Thunderbird knows about (in its database of known providers) or can "guess" from known domains.
I'll try importing the certificate, but it'll be tomorrow.
Stans said
How would it know upfront that the account you're adding, is a self-hosted mail server using a self-signed certificate, and which automatic settings to use? Automatic fetching of settings happens for domains that Thunderbird knows about (in its database of known providers) or can "guess" from known domains.
Changing my dummy domain a bit... My email address is me@mydomain.com, and my mail server (both IMAP and SMTP) is mail.mydomain.com. The autoconfiguration correctly guesses the server, even detects that it can use STARTTLS, but then fails saying the credentials don't work. The only problem with the autoconfigured setup is that it hasn't accepted the certificate - if it just asked that one question, it would work perfectly.
I'll try importing the certificate, but it will be tomorrow.
Stans said
How would it know upfront that the account you're adding, is a self-hosted mail server using a self-signed certificate, and which automatic settings to use? Automatic fetching of settings happens for domains that Thunderbird knows about (in its database of known providers) or can "guess" from known domains.
(I'll change my dummy server name to make this clearer.)
My email address is me@mydomain.com and my server (both IMAP and SMTP) is mail.mydomain.com. The autoconfiguration correctly guesses the server name from my email address, and even knows that STARTTLS will work. However, it says that it fails (I'm not sure of the exact message because I'm not at the machine with v78 on at the moment). Everything has been configured correctly by the autoconfiguration wizard, the only problem is the self-signed certificate. If it just asked that one question, it would work perfectly.