This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Thunderbird Issues after latest Microsoft certificate

  • 1 reply
  • 1 has this problem
  • 2 views
  • Last reply by christ1

more options

After receiving the latest DigiCert Global Root G2 certificate from MicroSoft, as it relates to InTune, we received pop-ups from Thunderbird and Mac Mail clients on OSX and iOS that states “You are about to override how Thunderbird identifies this site. Legitimate banks, stores, and other publice sites will not ask you for this information:

Location: outlook.office365.com:993 “Get Certificate” This site attempts to identify itself with invalid information. “View” Wrong Site The certificate belongs to a different site, which could mean that someone is trying to impersonate this site. “Permanently store this exception” “Confirm Security Exception” “Cancel”.

We took the “Cancel” Option and imported the new DigiCert Global Root G2” certificate from MicroSoft and restarted Thunderbird in OSX and Mail in iOS. After restarting the pop-ups discontinued, until it resurfaced again a couple of days later. Once the app was restarted or the client rebooted, the pop-ups stopped again but again, resurfaced after a few days. The Thunderbird release this happened with was V.68. Upgrading to the latest appears to have fixed the issue with the pop-ups, but broke Enigmail add-ons for encryption.

Questions: 1. Has anyone else experienced this issue and if so, without having to upgrade Thunderbird? 2. Does anyone know what are the ramifications of accepting and storing this certificate listed in the pop-up, if the site listed is the correct site, listed above?

After receiving the latest DigiCert Global Root G2 certificate from MicroSoft, as it relates to InTune, we received pop-ups from Thunderbird and Mac Mail clients on OSX and iOS that states “You are about to override how Thunderbird identifies this site. Legitimate banks, stores, and other publice sites will not ask you for this information: Location: outlook.office365.com:993 “Get Certificate” This site attempts to identify itself with invalid information. “View” Wrong Site The certificate belongs to a different site, which could mean that someone is trying to impersonate this site. “Permanently store this exception” “Confirm Security Exception” “Cancel”. We took the “Cancel” Option and imported the new DigiCert Global Root G2” certificate from MicroSoft and restarted Thunderbird in OSX and Mail in iOS. After restarting the pop-ups discontinued, until it resurfaced again a couple of days later. Once the app was restarted or the client rebooted, the pop-ups stopped again but again, resurfaced after a few days. The Thunderbird release this happened with was V.68. Upgrading to the latest appears to have fixed the issue with the pop-ups, but broke Enigmail add-ons for encryption. Questions: 1. Has anyone else experienced this issue and if so, without having to upgrade Thunderbird? 2. Does anyone know what are the ramifications of accepting and storing this certificate listed in the pop-up, if the site listed is the correct site, listed above?

All Replies (1)

more options
After receiving the latest DigiCert Global Root G2 certificate from MicroSoft

Why would you want to get a Digicert root certificate from Microsoft? Beats me.

The DigiCert Global Root G2 certificate is already in the Thunderbird 78 certificate store, SHA-256 fingerprint is CB:3C:CB:B7:60:31:E5:E0:13:8F:8D:D3:9A:23:F9:DE:47:FF:C3:5E:43:C1:14:4C:EA:27:D4:6A:5A:B1:CB:5F. I don't know about Thunderbird 68.

Location: outlook.office365.com:993

That's the server your Thunderbird is trying to connect to.

The certificate belongs to a different site, which could mean that someone is trying to impersonate this site.

Press “View” and inspect the cert. Who's the issuer of the cert? What's the subject information of the cert? Please post a screenshot of the Certificate Viewer window with that information visible. https://support.mozilla.org/kb/how-do-i-create-screenshot-my-problem

Upgrading to the latest appears to have fixed the issue with the pop-ups, but broke Enigmail add-ons for encryption.

TB 78 did not break Enigmail, there simply is no Enigmail add-on anymore. Thunderbird uses it's own OpenPGP implementation now. https://support.mozilla.org/kb/openpgp-thunderbird-howto-and-faq