Koozali.org: home of the SME Server

Obsolete Releases => SME Server 9.x => Topic started by: joost on July 20, 2020, 11:26:39 PM

Title: Problem Thunderbird 78.0 (32bits) does not accept SME self signed certificate
Post by: joost on July 20, 2020, 11:26:39 PM

Problem + Solution Thunderbird 78.0 (32bits) in Windows 10 does not accept SME self signed certificate any more

- Connection Security = SSL/TLS
- SSL ports ie IMAPS = 993, SMTPS = 465
- Specify authentication method = Normal Password

Solution:

In the Windows10 profiles directory (%APPDATA%\Thunderbird\Profiles\) edit cert_override.txt

THIS IS AN EXAMPLE FILE: put your own certificate date in.

Code: [Select]

# PSM Certificate Override Settings file
# This is a generated file!  Do not edit.
your.website.com:993 OID.2.16.840.1.101.3.4.2.1 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:FF:EE:DD:CC:BB:AA:99:88:77:66:55:44:33:22:11:00 U AAAAAAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA  AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA  AAAAAAAAAAAAAAAAAAAAAAAA    AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA  AAAAAAAAAAAAAAAAAAAAAAAAAA==
your.website.com:456 OID.2.16.840.1.101.3.4.2.1 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:FF:EE:DD:CC:BB:AA:99:88:77:66:55:44:33:22:11:00 U AAAAAAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA  AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA  AAAAAAAAAAAAAAAAAAAAAAAA    AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA  AAAAAAAAAAAAAAAAAAAAAAAAAA==
Fields are separated by a tab character. Each line is terminated by a line feed character (UNIX format).

• domainname:port : port 443 for HTTPS (SSL)
• hash algorithm OID
  SHA1-256: OID.2.16.840.1.101.3.4.2.1 (used by SME)
• Certificate fingerprint using previous hash algorithm
• One or more characters for override type:
  M : allow mismatches in the hostname
  U : allow untrusted certs (whether it's self signed cert or a missing or invalid issuer cert)
  T : allow errors in the validity time, for example, for expired or not yet valid certs
  
• Certificate's serial number and the issuer name as a base64 encoded string

More info
cert_override.txt is a text file generated in the user profile to store certificate exceptions specified by the user.  This file is used by Firefox, Thunderbird, and other XUL-based applications.

Since there is no way to add easily an exception in a XULRunner 1.9 project, you can open the page in Firefox, accept the certificate, then copy the cert_override.txt to the XULRunner application profile.

The syntax is described on http://boblord.livejournal.com/18402.html (http://boblord.livejournal.com/18402.html)

Hope it helps someone