X
Tippen Sie hierhin, um die Version dieser Website für Mobilgeräte aufzurufen.

Hilfeforum

How force Thunderbird to accept a certificate? or admit a new certificate authority when it doesn't accept the authority as valid?

Veröffentlicht

I get the following message when I check the senders signature:

This certificate can't be verified and will not be imported. The certificate issuer might be unknown or untrusted, the certificate might have expired or been revoked, or the certificate might not have been approved."

So, after converting the .crt to a .cer file, and trying to import it into the Authorities list - I get the following message: "This is not a certificate authority certificate, so it can't be imported into the certificate authority list." I converted it by saving it in the alternative formats but it won't accept the certificate authority. I don't understand why Thunderbird won't let me accept the risk. Can I do this without getting the sender's server address and port? thanks!

I get the following message when I check the senders signature: This certificate can't be verified and will not be imported. The certificate issuer might be unknown or untrusted, the certificate might have expired or been revoked, or the certificate might not have been approved." So, after converting the .crt to a .cer file, and trying to import it into the Authorities list - I get the following message: "This is not a certificate authority certificate, so it can't be imported into the certificate authority list." I converted it by saving it in the alternative formats but it won't accept the certificate authority. I don't understand why Thunderbird won't let me accept the risk. Can I do this without getting the sender's server address and port? thanks!

Geändert am von redhead3638

Ausgewählte Lösung

Ok. roger all. Will try to get a different certificate from the sender. Thanks very much!

Diese Antwort im Kontext lesen 0

Mehr Details zum System

Anwendung

  • User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.85 Safari/537.36

Weitere Informationen

christ1
  • Top 25 Contributor
2195 Lösungen 16046 Antworten
Veröffentlicht

Hilfreiche Antwort

I can't get THunderbird to accept your certificate

What certificate exactly are you talking about?

or accept APL as a valid certificate authority.

I have no idea what 'APL' stands for. In any case, you can import CA certificates into the Thunderbird certificate store.

it won't even let me try to send encrypted to you

Who is 'you'? What are you trying to achieve in the first place?

<blockquote> I can't get THunderbird to accept your certificate </blockquote> What certificate exactly are you talking about? <blockquote> or accept APL as a valid certificate authority. </blockquote> I have no idea what 'APL' stands for. In any case, you can import CA certificates into the Thunderbird certificate store. <blockquote> it won't even let me try to send encrypted to you </blockquote> Who is 'you'? What are you trying to achieve in the first place?

Fragesteller

I copied too much of a conversation into the question. Sorry I can't edit the question.

Please start reading the question at "I get the following message when I check the senders signature:"

I copied too much of a conversation into the question. Sorry I can't edit the question. Please start reading the question at "I get the following message when I check the senders signature:"
christ1
  • Top 25 Contributor
2195 Lösungen 16046 Antworten
Veröffentlicht

You'll need to import the cert of the CA which issued the cert you want to verify into the Thunderbird certificate store. Thunderbird needs to verify the entire certificate chain up to the root CA. So you may even need to import other certs from intermediate CAs in case these do not yet exist in the Thunderbird certificate store. You can determine the entire certificate chain by inspecting the cert you received from the sender of the message.

You'll need to import the cert of the CA which issued the cert you want to verify into the Thunderbird certificate store. Thunderbird needs to verify the entire certificate chain up to the root CA. So you may even need to import other certs from intermediate CAs in case these do not yet exist in the Thunderbird certificate store. You can determine the entire certificate chain by inspecting the cert you received from the sender of the message.

Fragesteller

Thanks - that explains a lot. When I look at the hierarchy of the certificate, there is only one name on it, that of my sender. I tried it as a self-signed certificate too, that is also a no-go. I get from what you are saying is that unless I can get a certificate from that client that is recognized as valid, or from a valid CA, then it won't work. Should i even bother with trying to get the server id?

Thanks - that explains a lot. When I look at the hierarchy of the certificate, there is only one name on it, that of my sender. I tried it as a self-signed certificate too, that is also a no-go. I get from what you are saying is that unless I can get a certificate from that client that is recognized as valid, or from a valid CA, then it won't work. Should i even bother with trying to get the server id?
christ1
  • Top 25 Contributor
2195 Lösungen 16046 Antworten
Veröffentlicht

Hilfreiche Antwort

I'm not sure what you mean with 'server id'. As said before, you'd need to import the cert of the CA which issued the cert you received from the sender who signed the message.

I'm not sure what you mean with 'server id'. As said before, you'd need to import the cert of the CA which issued the cert you received from the sender who signed the message.

Fragesteller

I meant that there's an option to add an exception to the server list so it would allow encryption to/from that server. Would that work? thanks again!

I meant that there's an option to add an exception to the server list so it would allow encryption to/from that server. Would that work? thanks again!
christ1
  • Top 25 Contributor
2195 Lösungen 16046 Antworten
Veröffentlicht

That's an entirely different story and has got nothing to do with a signed message you received.

Wrt to creating an exception, there shouldn't be a need to create an exception in the first place. If you're prompted to create an exception, ultimately something went wrong. In that case you should investigate what the problem is, and not just foolishly create an exception. In the worst case you may be connected to a malicious server and putting yourself at risk.

That's an entirely different story and has got nothing to do with a signed message you received. Wrt to creating an exception, there shouldn't be a need to create an exception in the first place. If you're prompted to create an exception, ultimately something went wrong. In that case you should investigate what the problem is, and not just foolishly create an exception. In the worst case you may be connected to a malicious server and putting yourself at risk.

Ausgewählte Lösung

Ok. roger all. Will try to get a different certificate from the sender. Thanks very much!

Ok. roger all. Will try to get a different certificate from the sender. Thanks very much!

Geändert am von redhead3638

Fragesteller

Problem was fixed when sender IT dept sent me root certificate & I imported it into authorities. thanks for your help in isolating problem.

Problem was fixed when sender IT dept sent me root certificate & I imported it into authorities. thanks for your help in isolating problem.