Thunderbird - Permanent error "Secure connection failed services.addons.mozilla.org uses an invalid security certificate."
When I enter the Get Add-ons tab in Tools>Add-ons I always receive: "Secure connection failed services.addons.mozilla.org uses an invalid security certificate. The certificate is not trusted because the issuer certificate is unknown. (Error code: sec_error_unknown_issuer)"
This repeats for very long time (about a year), probably its beginning is dated before period when there was real problem with expired certificate of Mozilla support site.
Additional effects are that (1) automatic update procedure doesn't work and (2) link "Or you can add an exception…" (located just under the above mentioned error message) do nothing.
I tried to find an answer under the assumption that the reported error describes what really happens. Since I don't expect negligence of the Mozilla people, I assume that the certificate in question is valid. Thus I can see only one reason: that my Win7 configuration doesn't have all certificates in the certification chain while services.addons.mozilla.org server doesn't provide its certificate stapled with all certificates up the chain. Since Thunderbird doesn't try to download missing certificates of the chain it could lead to this error. Unfortunately I can't (in)validate this hypothesis because my attempts to download and examine certificate provided by services.addons.mozilla.org host were unsuccessful.
Also of additional effects mentioned above IMO only effect (1) can be caused by this error. I tried all standard steps to isolate the error: I reinstalled Thunderbird from fresh copy of installator, run Thb with add-ons disabled, with disabled ESET NOD32 version 8 antivirus I use etc. At the same time Thunderbird om virtual machine (Win XP) works, so it's nothing related to the environment of my computer. As I'm rather carefull I don't expect malware...
I run out of ideas. At the same time in the plethora of answers to (almost) identical problems I can't find any which works.
sfaggam
Chosen solution
The recipe: Part 1 Check if the solution can be applied to your case: - Start Thunderbird then select Options>Advanced>[View Certificates] - In Thunderbird popup window named "Certificate Manager" select tab "Authorities" and scroll down the list of authorities to find "DigiCert Inc."; - In the list of certificates attached to that name try to find "DigiCert SHA2 Secure Server CA" entry - if the entry is missing the solution should work for you, otherwise it probably won't help (but you you may try it anyway) Part 2 Fix the problem: - Start Firefox then use the following link https://services.addons.mozilla.org/en-US/firefox/discovery/pane/8.0.1/Darwin to open the page (in fact it can be any working link starting with "https://services.addons.mozilla.org/") - In Firefox open (Tools>)Options>Advanced then click button "View Certificates"; - In popup window named "Certificate Manager" select tab "Authorities" and scroll down the list of authorities to find "DigiCert Inc."; - In the list of certificates attached to that name find "DigiCert SHA2 Secure Server CA" entry and click to select it; - Click button "Export..." below to export the certificate (it will be stored in DigiCertSHA2SecureServerCA.crt file); - go back to Thunderbird Certificate Manager window opened in Part 1 above and click button "Import..." then select previously exported file DigiCertSHA2SecureServerCA.crt; - restart Thunderbird.
Read this answer in context 👍 1All Replies (2)
I found a solution. I tried (perhaps 20 times) to get the certificate which is one level higher than certificate for services.addons.mozilla.org host, because lack of that certificate apparently was the reason for the problem. I found in bugzilla thread (https://bugzilla.mozilla.org/show_bug.cgi?id=1128368) link to some Firefox extension used by a member of Mozilla team for check whether services.addons.mozilla.org certificate is valid. I managed to open that page in Firefox so I was sure that both certificates are in Firefox certificate store. Then I opened Firefox certificate store and found the name of needed certificate in the content of versioncheck.addons.mozilla.org certificate (it turned out that services.addons.mozilla.org name is one of aliases to versioncheck.addons.mozilla.org). The needed certificate (it was DigiCert SHA2 Secure Server CA) of course was present in the Firefox store, so I exported it to text file (default name of the file is DigiCertSHA2SecureServerCA.crt), then imported it to Thunderbird. And voilà! the tab Get Add-ons in Tools>Add-ons of Thunderbird started to work again...
Chosen Solution
The recipe: Part 1 Check if the solution can be applied to your case: - Start Thunderbird then select Options>Advanced>[View Certificates] - In Thunderbird popup window named "Certificate Manager" select tab "Authorities" and scroll down the list of authorities to find "DigiCert Inc."; - In the list of certificates attached to that name try to find "DigiCert SHA2 Secure Server CA" entry - if the entry is missing the solution should work for you, otherwise it probably won't help (but you you may try it anyway) Part 2 Fix the problem: - Start Firefox then use the following link https://services.addons.mozilla.org/en-US/firefox/discovery/pane/8.0.1/Darwin to open the page (in fact it can be any working link starting with "https://services.addons.mozilla.org/") - In Firefox open (Tools>)Options>Advanced then click button "View Certificates"; - In popup window named "Certificate Manager" select tab "Authorities" and scroll down the list of authorities to find "DigiCert Inc."; - In the list of certificates attached to that name find "DigiCert SHA2 Secure Server CA" entry and click to select it; - Click button "Export..." below to export the certificate (it will be stored in DigiCertSHA2SecureServerCA.crt file); - go back to Thunderbird Certificate Manager window opened in Part 1 above and click button "Import..." then select previously exported file DigiCertSHA2SecureServerCA.crt; - restart Thunderbird.