Koozali.org: home of the SME Server

Problem Thunderbird 78.0 (32bits) does not accept SME self signed certificate

joost
Problem + Solution Thunderbird 78.0 (32bits) in Windows 10 does not accept SME self signed certificate any more

- Connection Security = SSL/TLS
- SSL ports, i.e. IMAPS = 993, SMTPS = 465
- Specify authentication method = Normal Password

Solution:

In the Windows 10 profiles directory (%APPDATA%\Thunderbird\Profiles\), edit cert_override.txt.

THIS IS AN EXAMPLE FILE: put your own certificate data in.

Code:
# PSM Certificate Override Settings file
# This is a generated file!  Do not edit.
your.website.com:993 OID.2.16.840.1.101.3.4.2.1 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:FF:EE:DD:CC:BB:AA:99:88:77:66:55:44:33:22:11:00 U AAAAAAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA  AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA  AAAAAAAAAAAAAAAAAAAAAAAA    AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA  AAAAAAAAAAAAAAAAAAAAAAAAAA==
your.website.com:465 OID.2.16.840.1.101.3.4.2.1 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:FF:EE:DD:CC:BB:AA:99:88:77:66:55:44:33:22:11:00 U AAAAAAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA  AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA  AAAAAAAAAAAAAAAAAAAAAAAA    AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA  AAAAAAAAAAAAAAAAAAAAAAAAAA==

Fields are separated by a tab character. Each line is terminated by a line feed character (UNIX format).

  • domainname:port : port 443 for HTTPS (SSL)
  • hash algorithm OID
    SHA1-256: OID.2.16.840.1.101.3.4.2.1 (used by SME)
  • Certificate fingerprint using previous hash algorithm
  • One or more characters for override type:
    M : allow mismatches in the hostname
    U : allow untrusted certs (whether it's self signed cert or a missing or invalid issuer cert)
    T : allow errors in the validity time, for example, for expired or not yet valid certs
  • Certificate's serial number and the issuer name as a base64 encoded string

More info
cert_override.txt is a text file generated in the user profile to store certificate exceptions specified by the user.  This file is used by Firefox, Thunderbird, and other XUL-based applications.

Since there is no easy way to add an exception in a XULRunner 1.9 project, you can open the page in Firefox, accept the certificate, then copy the cert_override.txt to the XULRunner application profile.

The syntax is described on http://boblord.livejournal.com/18402.html

Hope it helps someone
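
An added example, not part of the original post: a small Python check for a hand-edited cert_override.txt in the five-field format described above. It computes the SHA-256 fingerprint in the colon-separated form the file uses and flags lines that break the tab/LF rules or carry an unexpected OID or override type. The host name, the stand-in certificate bytes and the function names are constructed for illustration.

```python
import hashlib
import re

SHA256_OID = "OID.2.16.840.1.101.3.4.2.1"
OVERRIDE_BITS = {"M": "hostname mismatch", "U": "untrusted issuer", "T": "validity time"}
FP_RE = re.compile(r"(?:[0-9A-F]{2}:){31}[0-9A-F]{2}")


def fingerprint(der: bytes) -> str:
    """Colon-separated upper-case SHA-256 of a DER-encoded certificate."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def audit(text: str):
    """Return (lineno, host_port, fingerprint, problems) for each override line."""
    results = []
    for lineno, line in enumerate(text.split("\n"), 1):
        if not line or line.startswith("#"):
            continue
        problems = []
        if line.endswith("\r"):  # file was saved with Windows line endings
            problems.append("CRLF line ending, expected LF")
            line = line[:-1]
        fields = line.split("\t")
        if len(fields) != 5:  # typically spaces pasted where tabs belong
            results.append((lineno, fields[0], None, problems + ["expected 5 tab-separated fields"]))
            continue
        host_port, oid, fp, bits, _db_key = fields
        if not re.fullmatch(r"[^:\s]+:\d+", host_port):
            problems.append("first field is not host:port")
        if oid != SHA256_OID:
            problems.append("unexpected hash OID")
        if not FP_RE.fullmatch(fp):
            problems.append("fingerprint is not 32 hex bytes")
        if not bits or set(bits) - set(OVERRIDE_BITS):
            problems.append("unknown override type")
        results.append((lineno, host_port, fp, problems))
    return results


# Constructed sample: these bytes stand in for a DER certificate. For a live server use
# ssl.PEM_cert_to_DER_cert(ssl.get_server_certificate((host, port))).
SAMPLE_DER = b"constructed stand-in for a DER certificate"
GOOD = "\t".join(["mail.example.test:993", SHA256_OID, fingerprint(SAMPLE_DER), "U", "AAAA"])
SAMPLE_FILE = "# PSM Certificate Override Settings file\n" + GOOD + "\n" + GOOD.replace("\t", " ") + "\r\n"

if __name__ == "__main__":
    for row in audit(SAMPLE_FILE):
        print(row)
```

Comparing the fingerprint returned for the server's own certificate with the third field of the matching line confirms the exception is pinned to the certificate you expect.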