Spletno mesto bo delovalo z omejenimi zmožnostmi, medtem ko na njem izvajamo vzdrževalna dela za vas. Če članki ne rešijo vaše težave in želite zastaviti vprašanje, naša skupnost za podporo čaka na vas na @FirefoxSupport na Twitterju in na /r/firefox na Redditu.

Avatar for Username

Iskanje po podpori

Izogibajte se prevarantski tehnični podpori. Nikoli vam ne bomo naročili, da pokličete telefonsko številko ali nam pošljete osebne podatke. Sumljivo dejavnost prijavite z gumbom »Prijavi zlorabo«.

Več o tem

Ta tema je arhivirana. Postavite prosim novo vprašanje, če potrebujete pomoč.

Cannot add Security Certificate (Security Exception) under the right server name

  • 1 odgovor
  • 1 ima to težavo
  • 8 ogledov
  • Zadnji odgovor od aNDy

aNDy
aNDy
more options

In my home network I have an IMAP server (dovecot) running with a self-signed SSL certificate. When I want to sync the mail ("Get Messages") then a window pops up (correctly) warning me about the "incorrect" certificate. (The window title is "Add Security Exception" and the error is "Wrong Site"). Wat is strange is that the Location indicated, is not the same as as the Server Name as set in the server settings in Thunderbird. Example: suppose I have a server name set as a.b.c.com, then in the warning window it would say imap.c.com:993 (so a.b removed and replaced by the word imap). I have no idea why the address gets changed.

If I confirm the security exception and store it, then the correct certificate is stored (checked fingerprint), but it is added under the wrong server name (under imap.c.com). Subsequent "Get Messages" will trigger the warning again.

If I correct in the warning window the Location to a.b.c.com:993, then is says No Information Available. If I correct it to the address with the SSL port number removed (so only a.b.c.com) then I can store the Security Exception, but the wrong certificate is stored. What is stored is the certificate that belongs to my web (https) server and what can be reached at my domain name b.c.com .

In the past the same set-up did work form both local network and from outside (obviously with some earlier version of Thunderbird), the security certificate was stored in the right way in Thunderbird. I still have clients running using the certificate that was stored some years ago. In one client I accidentally deleted it, and now I cannot get it back.

The system is an up to date Fedora 33 system.

In my home network I have an IMAP server (dovecot) running with a self-signed SSL certificate. When I want to sync the mail ("Get Messages") then a window pops up (correctly) warning me about the "incorrect" certificate. (The window title is "Add Security Exception" and the error is "Wrong Site"). Wat is strange is that the Location indicated, is not the same as as the Server Name as set in the server settings in Thunderbird. Example: suppose I have a server name set as a.b.c.com, then in the warning window it would say imap.c.com:993 (so a.b removed and replaced by the word imap). I have no idea why the address gets changed. If I confirm the security exception and store it, then the correct certificate is stored (checked fingerprint), but it is added under the wrong server name (under imap.c.com). Subsequent "Get Messages" will trigger the warning again. If I correct in the warning window the Location to a.b.c.com:993, then is says No Information Available. If I correct it to the address with the SSL port number removed (so only a.b.c.com) then I can store the Security Exception, but the wrong certificate is stored. What is stored is the certificate that belongs to my web (https) server and what can be reached at my domain name b.c.com . In the past the same set-up did work form both local network and from outside (obviously with some earlier version of Thunderbird), the security certificate was stored in the right way in Thunderbird. I still have clients running using the certificate that was stored some years ago. In one client I accidentally deleted it, and now I cannot get it back. The system is an up to date Fedora 33 system.

Vsi odgovori (1)

aNDy
aNDy Lastnik vprašanja
more options

Meanwhile I found an answer to my own question. It seems to be a bug under Thunderbird 78.6.0, but it has a workaround: - Accept/store the certificate when asked - Exit Thunderbird - In your Thunderbird profile (~/.thunderbird/<profile name>/, or C:\Users\<pofile_name>\AppData\Roaming\Thunderbird\Profiles\<profile_in_use>\ ) there is a file called Cert_Override.txt (or cert_override.txt). - Edit that file, and change the address of the wrongly named certificate and port number to the correct address and port number. - Start Thunderbird

Related support question: https://support.mozilla.org/en-US/questions/1315845 Bug report: https://bugzilla.mozilla.org/show_bug.cgi?id=1665577