thunderbird trying to override ssl certificate
When I try to send a email I get a error message, "Sending of message failed. The message could not be sent using SMTP server smtpout.secureserver.net for an unknown reason. Please verify that your SMTP server settings are correct and try again, or contact your network administrator." Then another window pops asking to override my SSL certificate. I am using Godaddy for email hosting and they are saying it might be a security flaw within Thunderbird. It is trying to override my godaddy SSL cert with a cert with the following info.
Issued To
Common Name (CN): Server ] Organization (O):Sample, Inc.
Organization Unit (OU):IT Team
Serial Number:02
Issued By
Common Name (CN):CA
Organization (O):Sample, Inc.
Organization Unit (OU):IT Team
Validity
Issued on:11/18/2010
Expires On:11/15/2020
Fingerprints
SHA1 Fingerprint:12:52:B4:38:8C:74:A2:F1:13:1F:F3:46:EF:75:CE:9A:02:E9:28:91
MD5 Fingerprint:FA:A3:01:DD:E5:5D:20:60:F7:6C:24:DA:93:14:7F:30
I don't want to override my SSL cert and every email I try to send it wants me to. Is there a virus on my computer or am I being hacked or am I over reacting and should just accept it?
cajohnson002 trɔe
All Replies (4)
It does seem very suspicious if the Issuer ("Issued by") is "Sample, Inc."
Have you always had this problem with Thunderbird or it is a new issue that started recently?
For suggested malware scanning tools, see this article: Troubleshoot Firefox issues caused by malware.
I've been having the same problem intermittently, for maybe a few weeks. The certificate is clearly self-signed, probably being served by just one of the SMTP pool servers behind the smtpout.secureserver.net VIP (or possibly on the load-balancer itself, if it's terminating the SSL). I've uploaded a screenshot, which appears to be identical to the one described above, as well as another screenshot of a valid GoDaddy SMTP certificate.
Unfortunately, I can't get GoDaddy support to consider this possibility, as they've responded that their servers aren't misconfigured, and that it's "being caused locally by the time and date on [my] computer." Apparently my time/date configuration, which is synchronized via NTP, is somehow causing a certificate to appear from the "IT Team" at "Sample, Inc." Right.
The other possibility I might be willing to consider is a man-in-the-middle attack from malware or a malicious actor at the ISP. The fact that the OP on this thread is having the same problem, and is getting the exact same certificate, makes the ISP theory pretty unlikely. I'm also experiencing this problem from both a Mac and a Windows box, so the malware option is unlikely as well.
I will post an update if I get a resolution through GoDaddy or other means.
dafx trɔe
dafx, where have I suggested to accept a suspicious certificate?
Please read the article before making such claims.