Join the AMA (Ask Me Anything) with the Firefox leadership team to celebrate Firefox 20th anniversary and discuss Firefox’s future on Mozilla Connect. Mark your calendar on Thursday, November 14, 18:00 - 20:00 UTC!

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

OSX Server 5.1 IMAP Mail with Thunderbird. Certificate problem - can't connect from Win7

  • 1 resposta
  • 1 has this problem
  • 4 views
  • Last reply by Matt

more options

We are setting up a new Apple OS X Server 5.1 provide an IMAP for internal mail. We are hoping to use Thunderbird as the client. On MAC workstations and laptops when we setup the new email account we are offered the option to accept and trust the local self signed certificate. Once accepted the email accounts function correctly. However, when trying the same procedure on Win7 workstations we don't get the option to trust and cannot connect to the IMAP server. We tried importing the certificate from one of the MAC workstations, but the Win7 workstation does not trust it. Any suggestions?

Just for info - file sharing, DHCP and DNS are operating correctly.

We are setting up a new Apple OS X Server 5.1 provide an IMAP for internal mail. We are hoping to use Thunderbird as the client. On MAC workstations and laptops when we setup the new email account we are offered the option to accept and trust the local self signed certificate. Once accepted the email accounts function correctly. However, when trying the same procedure on Win7 workstations we don't get the option to trust and cannot connect to the IMAP server. We tried importing the certificate from one of the MAC workstations, but the Win7 workstation does not trust it. Any suggestions? Just for info - file sharing, DHCP and DNS are operating correctly.

All Replies (1)

more options

My guess is SSL/TLS is not configured for the changes that occurred following logjam.

Ensure the server is functioning with TLS1.2 and that valid certificates of at least 2048bytes are used Everything before TLS1.2 is broken and should not be used. That includes SSL in it's entirety

Keys less than 2048 are also no longer long enough to provide anything like the encryption required.. Breaking them is now at the level of "trivial"