sslcertificatethunderbird

Thunderbird 78: How to add security exception?


In previous versions of Thunderbird, when connecting to a server with a self-signed certificate, a warning was displayed, but the option was offered to create a security exception for that server with this dialog:

enter image description here

I could click on "Confirm Security Exception" and thereafter, TB could communicate with the server.

But in this version of TB, I only see a message:

Sending of message failed.
The certificate is not trusted because it is self-signed.
The configuration related to [server name] must be corrected.

There is no indication of what "must be corrected" for TB to trust the certificate.

The Certificate Manager in the Privacy settings section does open the dialog above. But once the correct IP:port is entered, the "Get Certificate" button does nothing apart from displaying "No Information Available". This renders the dialog pretty useless.

I'm not concerned about man in the middle attacks due to the lack of CA signing because the mail server is on an intranet.

Is there any other way to get TB 78 to work with self-signed certificates?


Solution

  • I also suffer from this issue for hours. Finally, I figure it out to solve it.

    At first, I tried to download the certificate from Firefox. When I try to access https://bad-mail-admin.com:465 and it tells me:

    This address uses a network port which is normally used for purposes other than Web browsing. Firefox has canceled the request for your protection.

    Then I googled it and found the solution: https://support.mozilla.org/en-US/questions/1083282

    Just go to about:config ("Preferences" -> "General" -> scroll all the way down -> "Config Editor"), right-click anywhere on the page and choose New > String. Create an option named network.security.ports.banned.override, with the value: 465

    Then firefox show https://bad-mail-admin.com:465 successfully.

    Immediately I realized that Firefox and TB use the same browser engine. So I repeat do it in "Config Editor" of TB.

    Then go to Certificate Manager of TB, enter https://bad-mail-admin.com:465. Press "Get Certificate" and finally I can get the certificate and add it to the security exception.