Cannot add Security Certificate (Security Exception) under the right server name
In my home network I have an IMAP server (dovecot) running with a self-signed SSL certificate. When I want to sync the mail ("Get Messages") then a window pops up (correctly) warning me about the "incorrect" certificate. (The window title is "Add Security Exception" and the error is "Wrong Site"). Wat is strange is that the Location indicated, is not the same as as the Server Name as set in the server settings in Thunderbird. Example: suppose I have a server name set as a.b.c.com, then in the warning window it would say imap.c.com:993 (so a.b removed and replaced by the word imap). I have no idea why the address gets changed.
If I confirm the security exception and store it, then the correct certificate is stored (checked fingerprint), but it is added under the wrong server name (under imap.c.com). Subsequent "Get Messages" will trigger the warning again.
If I correct in the warning window the Location to a.b.c.com:993, then is says No Information Available. If I correct it to the address with the SSL port number removed (so only a.b.c.com) then I can store the Security Exception, but the wrong certificate is stored. What is stored is the certificate that belongs to my web (https) server and what can be reached at my domain name b.c.com .
In the past the same set-up did work form both local network and from outside (obviously with some earlier version of Thunderbird), the security certificate was stored in the right way in Thunderbird. I still have clients running using the certificate that was stored some years ago. In one client I accidentally deleted it, and now I cannot get it back.
The system is an up to date Fedora 33 system.
Všechny odpovědi (1)
Meanwhile I found an answer to my own question. It seems to be a bug under Thunderbird 78.6.0, but it has a workaround: - Accept/store the certificate when asked - Exit Thunderbird - In your Thunderbird profile (~/.thunderbird/<profile name>/, or C:\Users\<pofile_name>\AppData\Roaming\Thunderbird\Profiles\<profile_in_use>\ ) there is a file called Cert_Override.txt (or cert_override.txt). - Edit that file, and change the address of the wrongly named certificate and port number to the correct address and port number. - Start Thunderbird
Related support question: https://support.mozilla.org/en-US/questions/1315845 Bug report: https://bugzilla.mozilla.org/show_bug.cgi?id=1665577