Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Lolu chungechunge lwabekwa kunqolobane. Uyacelwa ubuze umbuzo omusha uma udinga usizo.

OSX Server 5.1 IMAP Mail with Thunderbird. Certificate problem - can't connect from Win7

  • 1 baphendule
  • 1 inale nkinga
  • 4 views
  • Igcine ukuphendulwa ngu Matt

more options

We are setting up a new Apple OS X Server 5.1 provide an IMAP for internal mail. We are hoping to use Thunderbird as the client. On MAC workstations and laptops when we setup the new email account we are offered the option to accept and trust the local self signed certificate. Once accepted the email accounts function correctly. However, when trying the same procedure on Win7 workstations we don't get the option to trust and cannot connect to the IMAP server. We tried importing the certificate from one of the MAC workstations, but the Win7 workstation does not trust it. Any suggestions?

Just for info - file sharing, DHCP and DNS are operating correctly.

We are setting up a new Apple OS X Server 5.1 provide an IMAP for internal mail. We are hoping to use Thunderbird as the client. On MAC workstations and laptops when we setup the new email account we are offered the option to accept and trust the local self signed certificate. Once accepted the email accounts function correctly. However, when trying the same procedure on Win7 workstations we don't get the option to trust and cannot connect to the IMAP server. We tried importing the certificate from one of the MAC workstations, but the Win7 workstation does not trust it. Any suggestions? Just for info - file sharing, DHCP and DNS are operating correctly.

All Replies (1)

more options

My guess is SSL/TLS is not configured for the changes that occurred following logjam.

Ensure the server is functioning with TLS1.2 and that valid certificates of at least 2048bytes are used Everything before TLS1.2 is broken and should not be used. That includes SSL in it's entirety

Keys less than 2048 are also no longer long enough to provide anything like the encryption required.. Breaking them is now at the level of "trivial"