X
Tap here to go to the mobile version of the site.

Support Forum

Thunderbird keeps asking me to confirm certificates and will not make a permanent exception for any of them.

Posted

I download to Thunderbird my email from the servers of three different email providers. For at least the past month, upon starting Tbird each day, I get a pop up saying that the certificates of these email servers cannot be verified because the issuer is unknown. This happens without regard to whether I check the box that says to make a permanent exception for each certificate. I have also deleted the cert8.db and cert9.db files in order to let Tbird rebuild them. That also makes no difference.

Interestingly, the problem occurs only the first time Tbird is run up each day. If I shut down the computer, then restart it, and run up Tbird for the second time that day, no problem. But the next day, the problem occurs the first time I start up that day.

This is getting extremely annoying, and I have no idea how to fix whatever the problem is. So far as I can recall there have been no major changes in my system that may have caused this problem. I am stumped and very vexed. Help would be greatly appreciated.

I download to Thunderbird my email from the servers of three different email providers. For at least the past month, upon starting Tbird each day, I get a pop up saying that the certificates of these email servers cannot be verified because the issuer is unknown. This happens without regard to whether I check the box that says to make a permanent exception for each certificate. I have also deleted the cert8.db and cert9.db files in order to let Tbird rebuild them. That also makes no difference. Interestingly, the problem occurs only the first time Tbird is run up each day. If I shut down the computer, then restart it, and run up Tbird for the second time that day, no problem. But the next day, the problem occurs the first time I start up that day. This is getting extremely annoying, and I have no idea how to fix whatever the problem is. So far as I can recall there have been no major changes in my system that may have caused this problem. I am stumped and very vexed. Help would be greatly appreciated.

Chosen solution

When your problem is fixed (for now) can you mark the topic as 'Solved' please? Thank you. Feel free to raise a new topic at any time.

Read this answer in context 1
christ1
  • Top 25 Contributor
2171 solutions 15897 answers

What anti-virus/security software are you using?

What anti-virus/security software are you using?

Question owner

Eset's NOD32 version 12.1.34.0. Eset emphatically disclaims any responsibility: "the issue you are having is actually Thunderbird warning you of the security of the email server you are using in it and it showing ESET's certificate [only] because your web email's SSL certificate is first going through ESET's scanner. .... So the issue is out of our scope of support. You would need to contact your web email provider for further assistance. In most cases, this issue will resolve itself once the certificate holder renews the certificate or resolves whatever security issue it has."

When I pointed out the extreme unlikelihood that all four email providers were having the exact same problem at the exact same time, Eset's position remained unchanged.

Eset's NOD32 version 12.1.34.0. Eset emphatically disclaims any responsibility: "the issue you are having is actually Thunderbird warning you of the security of the email server you are using in it and it showing ESET's certificate [only] because your web email's SSL certificate is first going through ESET's scanner. .... So the issue is out of our scope of support. You would need to contact your web email provider for further assistance. In most cases, this issue will resolve itself once the certificate holder renews the certificate or resolves whatever security issue it has." When I pointed out the extreme unlikelihood that all four email providers were having the exact same problem at the exact same time, Eset's position remained unchanged.
christ1
  • Top 25 Contributor
2171 solutions 15897 answers
See https://support.mozilla.org/en-US/kb/error-codes-secure-websites for the problem in general, and https://support.mozilla.org/en-US/kb/error-codes-secure-websites#w_eset for ESET in particular.

Question owner

I already went through all that and more, as well as https://forum.eset.com/topic/10109-ss-thunderbird-security-exception-not-saved/

Nothing has worked. I'm getting close to ditching both Tbird and my AV.

I already went through all that and more, as well as https://forum.eset.com/topic/10109-ss-thunderbird-security-exception-not-saved/ Nothing has worked. I'm getting close to ditching both Tbird and my AV.
christ1
  • Top 25 Contributor
2171 solutions 15897 answers

Attempt to add an exception on the bottom of the error page - see attached screenshot for instructions. Don't actually create an exception.

Inspect the certificate. Who is the issuer of the cert?

Please post a screenshot of the certificate viewer window with the issuer information visible. https://support.mozilla.org/kb/how-do-i-create-screenshot-my-problem

Attempt to add an exception on the bottom of the error page - see attached screenshot for instructions. Don't actually create an exception. Inspect the certificate. Who is the issuer of the cert? Please post a screenshot of the certificate viewer window with the issuer information visible. https://support.mozilla.org/kb/how-do-i-create-screenshot-my-problem

Modified by christ1

Question owner

Thanks for the response.

I attach 4 (correction, updated to 5. see note 1 below) screenshots. The instructions you gave for creating a screenshot apply to Firefox, so I just used my phone to take the shots and converted the format to PNG. I hope that it okay.

A few notes:

1. I am confused about the situation of my Yahoo accounts. I have 2 Yahoo accounts, one of which is a paid "plus" account, and one a free account. I got 2 certificate problems with Yahoo this morning, and have attached 2 shots of the "legacy" Yahoo server certificates. There is a plus account certificate I can see among my certificates, but that was not a problem this morning. In fact, let me take another (5th) screenshot, so you can see what I mean. You will see three Yahoo certificates.

2. This morning, when I took these shots, I did not have a certificate problem with my Comcast account or my Gmail pop account (unlike the GMail imap account), or the Yahoo "plus" account server (see note 1).

3. In the course of battling this problem over the past weeks, I have checked and unchecked boxes, turned settings off and on, deleted and created the cert8 and cert 9 files, etc., in the hope of finding some configuration that ends the problem. In doing that, I have seen all sorts of situation with the certificates when I look at them in the certificate manager. What they all have in common is that they have not solved the problem. So what I am telling you is that the present state of affairs is not the sole one that has caused the problem for me.

Once more, thanks for working with me on this!

Thanks for the response. I attach 4 (correction, updated to 5. see note 1 below) screenshots. The instructions you gave for creating a screenshot apply to Firefox, so I just used my phone to take the shots and converted the format to PNG. I hope that it okay. A few notes: 1. I am confused about the situation of my Yahoo accounts. I have 2 Yahoo accounts, one of which is a paid "plus" account, and one a free account. I got 2 certificate problems with Yahoo this morning, and have attached 2 shots of the "legacy" Yahoo server certificates. There is a plus account certificate I can see among my certificates, but that was not a problem this morning. In fact, let me take another (5th) screenshot, so you can see what I mean. You will see three Yahoo certificates. 2. This morning, when I took these shots, I did not have a certificate problem with my Comcast account or my Gmail pop account (unlike the GMail imap account), or the Yahoo "plus" account server (see note 1). 3. In the course of battling this problem over the past weeks, I have checked and unchecked boxes, turned settings off and on, deleted and created the cert8 and cert 9 files, etc., in the hope of finding some configuration that ends the problem. In doing that, I have seen all sorts of situation with the certificates when I look at them in the certificate manager. What they all have in common is that they have not solved the problem. So what I am telling you is that the present state of affairs is not the sole one that has caused the problem for me. Once more, thanks for working with me on this!
christ1
  • Top 25 Contributor
2171 solutions 15897 answers

Your camera taken screenshots are very small and unreadable. Please follow the instructions as per the above post. https://support.mozilla.org/en-US/questions/1259049#answer-1222528

Your camera taken screenshots are very small and unreadable. Please follow the instructions as per the above post. https://support.mozilla.org/en-US/questions/1259049#answer-1222528

Modified by christ1

Question owner

Apologies! Sorry for that. (Note to self: make the morning coffee stronger.)

I attached larger images.

Apologies! Sorry for that. (Note to self: make the morning coffee stronger.) I attached larger images.
christ1
  • Top 25 Contributor
2171 solutions 15897 answers

As expected, the issuer of the certs Thunderbird is complaining about is ESET. Thunderbird doesn't know the ESET CA and hence you get the error message.

There is nothing else Thunderbird can do about that. I can only refer you to what has been posted above before. https://support.mozilla.org/en-US/questions/1259049#answer-1221889

Nothing has worked.

Then you may have done something wrong. I'd suggest you contact ESET support for help.

I'm getting close to ditching both Tbird ...

That's entirely up to you.

... and my AV.

That may actually be a good idea. When ESET is intercepting your secure connection to the server this doesn't make you any more safe. In fact I'd hope you do have a lot of faith in ESET, as they can see your email password every time you login to your email server.

As expected, the issuer of the certs Thunderbird is complaining about is ESET. Thunderbird doesn't know the ESET CA and hence you get the error message. There is nothing else Thunderbird can do about that. I can only refer you to what has been posted above before. https://support.mozilla.org/en-US/questions/1259049#answer-1221889 <blockquote> Nothing has worked. </blockquote> Then you may have done something wrong. I'd suggest you contact ESET support for help. <blockquote> I'm getting close to ditching both Tbird ... </blockquote> That's entirely up to you. <blockquote> ... and my AV. </blockquote> That may actually be a good idea. When ESET is intercepting your secure connection to the server this doesn't make you any more safe. In fact I'd hope you do have a lot of faith in ESET, as they can see your email password every time you login to your email server.

Question owner

The situation turns out to be pretty much as I suspected.

I will continuing to think about your final suggestions, including the password issue. For the present, I have set my AV not to filter Tbird for SSL/TLS. That has given me a respite from the certificate popups, so that I can decide in peace and quiet on a permanent course of action.

The question is as resolved as it is likely to be here for me.

Once again, thanks.

The situation turns out to be pretty much as I suspected. I will continuing to think about your final suggestions, including the password issue. For the present, I have set my AV not to filter Tbird for SSL/TLS. That has given me a respite from the certificate popups, so that I can decide in peace and quiet on a permanent course of action. The question is as resolved as it is likely to be here for me. Once again, thanks.
christ1
  • Top 25 Contributor
2171 solutions 15897 answers

Chosen Solution

When your problem is fixed (for now) can you mark the topic as 'Solved' please? Thank you. Feel free to raise a new topic at any time.

When your problem is fixed (for now) can you mark the topic as 'Solved' please? Thank you. Feel free to raise a new topic at any time.