Problem + Solution Thunderbird 78.0 (32bits) in Windows 10 does not accept SME self signed certificate any more- Connection Security = SSL/TLS
- SSL ports ie IMAPS = 993, SMTPS = 465
- Specify authentication method = Normal Password
Solution:In the Windows10 profiles directory (%APPDATA%\Thunderbird\Profiles\) edit
cert_override.txtTHIS IS AN EXAMPLE FILE: put your own certificate date in.
# PSM Certificate Override Settings file
# This is a generated file! Do not edit.
your.website.com:993 OID.2.16.840.1.101.3.4.2.1 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:FF:EE:DD:CC:BB:AA:99:88:77:66:55:44:33:22:11:00 U AAAAAAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAA==
your.website.com:456 OID.2.16.840.1.101.3.4.2.1 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:FF:EE:DD:CC:BB:AA:99:88:77:66:55:44:33:22:11:00 U AAAAAAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAA==
Fields are separated by a tab character. Each line is terminated by a line feed character (UNIX format).
- domainname:port : port 443 for HTTPS (SSL)
- hash algorithm OID
SHA1-256: OID.2.16.840.1.101.3.4.2.1 (used by SME) - Certificate fingerprint using previous hash algorithm
- One or more characters for override type:
M : allow mismatches in the hostname
U : allow untrusted certs (whether it's self signed cert or a missing or invalid issuer cert)
T : allow errors in the validity time, for example, for expired or not yet valid certs
- Certificate's serial number and the issuer name as a base64 encoded string
More infocert_override.txt is a text file generated in the user profile to store certificate exceptions specified by the user. This file is used by Firefox, Thunderbird, and other XUL-based applications.
Since there is no way to add easily an exception in a XULRunner 1.9 project, you can open the page in Firefox, accept the certificate, then copy the cert_override.txt to the XULRunner application profile.
The syntax is described on
http://boblord.livejournal.com/18402.htmlHope it helps someone