Este site irá ter funcionalidade limitada enquanto fazemos manutenção para melhorar a sua experiência. Se um artigo não resolve o seu problema e quiser colocar uma questão, temos a nossa comunidade de apoio à espera de o ajudar em @FirefoxSupport no Twitter, /r/firefox no Reddit.

Avatar for Username

Pesquisar no apoio

Evite burlas no apoio. Nunca iremos solicitar que telefone ou envie uma mensagem de texto para um número de telefone ou que partilhe informações pessoais. Por favor, reporte atividades suspeitas utilizando a opção "Reportar abuso".

Saber mais

Esta discussão foi arquivada. Se precisar de ajuda, por favor, coloque uma nova questão.

Confirm security exception won't confirm certificate for non-matching site

  • 1 resposta
  • 1 tem este problema
  • 15 visualizações
  • Última resposta por Matt

aathan
aathan
more options

Naturally, the "Confirm Security Exception" dialog comes up when I change the incoming email server from somename.com:993 to 192.168.0.1:993 for a self-hosted email instance. However, accepting the security exception does not cause mail to flow and the same exception dialog is presented the next time I manually fetch email.

It smells as if Thunderbird is not storing the exception relative to the address it used to contact the server, but may be storing the exception based only on the contents of the certificate: The certificate vended by the target server does not mention its private IP address (only somename.com and *.somename.com).

This situation arises when there are DNS issues or other problems requiring direct "by IP address" access to the server. Under such conditions it would be ideal to be able to fetch mail through the raw IP address, but it seems the security exception mechanism is disallowing this. The status on the Thunderbird window just stays on "Connected to <ip address>..." forever, and no mail comes.

Am I right about why this isn't working? If not, any ideas on how to make it work (short of modifying the certificate)? If it is not working for the reason I guessed, doesn't it make sense that it *should* work, and that Thunderbird should remember an exception to accept any arbitrary vended certificate for which a security exception has been confirmed, based on the target IP address?

Naturally, the "Confirm Security Exception" dialog comes up when I change the incoming email server from somename.com:993 to 192.168.0.1:993 for a self-hosted email instance. However, accepting the security exception does not cause mail to flow and the same exception dialog is presented the next time I manually fetch email. It smells as if Thunderbird is not storing the exception relative to the address it used to contact the server, but may be storing the exception based only on the contents of the certificate: The certificate vended by the target server does not mention its private IP address (only somename.com and *.somename.com). This situation arises when there are DNS issues or other problems requiring direct "by IP address" access to the server. Under such conditions it would be ideal to be able to fetch mail through the raw IP address, but it seems the security exception mechanism is disallowing this. The status on the Thunderbird window just stays on "Connected to <ip address>..." forever, and no mail comes. Am I right about why this isn't working? If not, any ideas on how to make it work (short of modifying the certificate)? If it is not working for the reason I guessed, doesn't it make sense that it *should* work, and that Thunderbird should remember an exception to accept any arbitrary vended certificate for which a security exception has been confirmed, based on the target IP address?

Todas as respostas (1)

Matt
Matt
  • Moderator
  • Top 10 Contributor
more options

The issue will be the self signed certificate used. But then I fail to understand why you would even use encrypted connections to a self hosted mail server. Surely you are confident that your local network is secure. That is after all the firewalls job, to keep outsiders out.