Certificate Invalid
Hi I am having issues with an invalid certificate message. Looking at the Tbird certificate store the stored certificate is out of date, but the certificate on the domain and in the windows certificate store is current. I'm running Windows 10, 64 bit, version 22H2, Thunderbird 102.11.0(64Bit). IMAP server for domain thebarretts.net.au. I have a couple of laptops plus a PC, all have the same issue, started on 9thMay, when the certificate expired. The attached screen shots show the error, the Windows certificate store, the certificate in Tbird and the certificate information stored in the domain. The email still works provide I cancel the add exception window, my calendar and contacts also fail. I have tried a number of tests such as restart in safe mode with networking to see if anything else could be affecting this, also added and exception in Tbird but this doesn't make any difference, checked that my AV (Kaspersky Premium) has an exception for the domain, turned off Kaspersky but same issue when Tbird starts, turned off Tbird addons but still fails. Tried to import a replacement certificate but Tbird tells me the certificate exist so will not import. Can anyone help me resolve this issue? If you need more info, screen shots or other data please let me know. Cheers Rob
All Replies (2)
The windows certificate store is completely irrelevant. It causes some issues with folk not adding new certificates to the Thunderbird one, but it also stops malware automatically adding their own certificates for man in the middle hacking. (that includes antivirus products unfortunately)
The port you are using is very non standard and I wondered is the server was not actually sending an appropriate certificate to connections on that prot so I tested it. Unfortunately I do not understand the response. https://www.immuniweb.com/ssl/13.236.43.253/hNXCjogX/
The response page shows an IP address but my test query used the FQN but it looks to me like a server misconfiguration might be the issue. When you get the error and view the certificate, who is the issuing authority for the certificate? Kaspersky perhaps? IIRC they self sign their certificates for encrypted communication scanning. That would fail the test as an untrusted authority.
Thanks Matt. I suspect that the issue is a server config problem, when I look at the certificate in Tbird it is out of date (attached to previous entry) and attached is the faulty certificate when accessing the server from the my mobile phone using OpenSync. Manually certifying this invalid cert allows OpenSync to work OK. For now the issue has gone away, I believe that the exception I set in the Tbird certificate store has fixed the issue, but cannot be sure as it seemed to take some days before the error disappeared. Hosting support have not responded to my 3 requests for assistance (guess I won't be renewing with them). I have run the Immuniweb SSL test, https://www.immuniweb.com/ssl/mail.thebarretts.net.au/MC0UtUt3/ it paints a pretty bad picture so will bounce this to the provider. Thanks for your help. Cheers Rob