Join the AMA (Ask Me Anything) with the Firefox leadership team to celebrate Firefox 20th anniversary and discuss Firefox’s future on Mozilla Connect. Mark your calendar on Thursday, November 14, 18:00 - 20:00 UTC!

Om de ûnderfining foar jo te ferbetterjen is tydlik de funksjonaliteit dan dizze website troch ûnderhâldswurk beheind. Wannear in artikel jo probleem net oplost en jo in fraach stelle wolle, kin ús stipemienskip jo helpe yn @FirefoxSupport op Twitter en /r/firefox op Reddit.

Avatar for Username

Sykje yn Support

Mij stipescams. Wy sille jo nea freegje in telefoannûmer te beljen, der in sms nei ta te stjoeren of persoanlike gegevens te dielen. Meld fertochte aktiviteit mei de opsje ‘Misbrûk melde’.

Mear ynfo

Dizze konversaasje is argivearre. Stel in nije fraach as jo help nedich hawwe.

Confirm security exception won't confirm certificate for non-matching site

  • 1 antwurd
  • 1 hat dit probleem
  • 15 werjeftes
  • Lêste antwurd fan Matt

aathan
aathan
more options

Naturally, the "Confirm Security Exception" dialog comes up when I change the incoming email server from somename.com:993 to 192.168.0.1:993 for a self-hosted email instance. However, accepting the security exception does not cause mail to flow and the same exception dialog is presented the next time I manually fetch email.

It smells as if Thunderbird is not storing the exception relative to the address it used to contact the server, but may be storing the exception based only on the contents of the certificate: The certificate vended by the target server does not mention its private IP address (only somename.com and *.somename.com).

This situation arises when there are DNS issues or other problems requiring direct "by IP address" access to the server. Under such conditions it would be ideal to be able to fetch mail through the raw IP address, but it seems the security exception mechanism is disallowing this. The status on the Thunderbird window just stays on "Connected to <ip address>..." forever, and no mail comes.

Am I right about why this isn't working? If not, any ideas on how to make it work (short of modifying the certificate)? If it is not working for the reason I guessed, doesn't it make sense that it *should* work, and that Thunderbird should remember an exception to accept any arbitrary vended certificate for which a security exception has been confirmed, based on the target IP address?

Naturally, the "Confirm Security Exception" dialog comes up when I change the incoming email server from somename.com:993 to 192.168.0.1:993 for a self-hosted email instance. However, accepting the security exception does not cause mail to flow and the same exception dialog is presented the next time I manually fetch email. It smells as if Thunderbird is not storing the exception relative to the address it used to contact the server, but may be storing the exception based only on the contents of the certificate: The certificate vended by the target server does not mention its private IP address (only somename.com and *.somename.com). This situation arises when there are DNS issues or other problems requiring direct "by IP address" access to the server. Under such conditions it would be ideal to be able to fetch mail through the raw IP address, but it seems the security exception mechanism is disallowing this. The status on the Thunderbird window just stays on "Connected to <ip address>..." forever, and no mail comes. Am I right about why this isn't working? If not, any ideas on how to make it work (short of modifying the certificate)? If it is not working for the reason I guessed, doesn't it make sense that it *should* work, and that Thunderbird should remember an exception to accept any arbitrary vended certificate for which a security exception has been confirmed, based on the target IP address?

Alle antwurden (1)

Matt
Matt
  • Moderator
  • Top 10 Contributor
more options

The issue will be the self signed certificate used. But then I fail to understand why you would even use encrypted connections to a self hosted mail server. Surely you are confident that your local network is secure. That is after all the firewalls job, to keep outsiders out.