Recent answers to Certificate problem with Microsoft Outlook.comhttps://support.mozilla.org/en-US/questions/13111442020-11-01T09:35:22-08:00Hi xtouqh. This morning, the problem was gone. I put all of my Avast settings back as they origina2020-11-01T09:35:22-08:00tmpchttps://support.mozilla.org/en-US/questions/1311144#answer-1363453<p>Hi xtouqh. This morning, the problem was gone. I put all of my Avast settings back as they originally were and haven't seen the problem all day. I guess Microsoft had a problem.
</p><p>Thanks for the confirmation, xtouqh. And, thanks to sfhowes and the folks at DigiCert.
</p>FWIW, despite what the reply from DigiCert says, I was getting this all day yesterday on Windows 10 2020-11-01T01:16:28-07:00user3148547https://support.mozilla.org/en-US/questions/1311144#answer-1363294<p>FWIW, despite what the reply from DigiCert says, I was getting this all day yesterday on Windows 10 + Thunderbird 78.4.0 + IMAP to <a href="http://office365.com" rel="nofollow">office365.com</a> servers, today the issue has disappeared by itself.
</p>I received the following reply from DigiCert:
"Unfortunately, we are not really sure how this happen2020-10-31T20:30:20-07:00tmpchttps://support.mozilla.org/en-US/questions/1311144#answer-1363225<p>I received the following reply from DigiCert:
</p><p>"Unfortunately, we are not really sure how this happened. I believe it just started yesterday and we received multiple reports for the similar issue. Those were all linked to <a href="http://outlook.com" rel="nofollow">outlook.com</a> domain names, and only happened to Apple devices (Mac, iPhone, iPad, etc.). Checking certificate installation with tools doesn't display any error, and the same issue is not found with Window computers. So the only suggestion we can provide at the moment is checking with Apple's support team."
</p><p>So it isn't just happening to me.
</p>I received the following message from DigiCert overnight:
Unfortunately, we are not really sure how 2020-10-31T20:29:04-07:00tmpchttps://support.mozilla.org/en-US/questions/1311144#answer-1363224<p>I received the following message from DigiCert overnight:
</p><p><em><strong>Unfortunately, we are not really sure how this happened. I believe it just started yesterday and we received multiple reports for the similar issue. Those were all linked to <a href="http://outlook.com" rel="nofollow">outlook.com</a> domain names, and only happened to Apple devices (Mac, iPhone, iPad, etc.). Checking certificate installation with tools doesn't display any error, and the same issue is not found with Window computers. So the only suggestion we can provide at the moment is checking with Apple's support team.</strong></em>
</p><p>So, it isn't just me.
</p>I received the following message from DigiCert overnight:
"Unfortunately, we are not really sure how2020-10-31T20:27:12-07:00tmpchttps://support.mozilla.org/en-US/questions/1311144#answer-1363222<p>I received the following message from DigiCert overnight:
</p><p><em><strong>"Unfortunately, we are not really sure how this happened. I believe it just started yesterday and we received multiple reports for the similar issue. Those were all linked to <a href="http://outlook.com" rel="nofollow">outlook.com</a> domain names, and only happened to Apple devices (Mac, iPhone, iPad, etc.). Checking certificate installation with tools doesn't display any error, and the same issue is not found with Window computers. So the only suggestion we can provide at the moment is checking with Apple's support team."</strong></em>
</p><p>So, it isn't just me.
</p>If you were on Windows I would suggest you avoid the nonsense of these antivirus programs and just u2020-10-31T14:36:17-07:00sfhoweshttps://support.mozilla.org/en-US/questions/1311144#answer-1363147<p>If you were on Windows I would suggest you avoid the nonsense of these antivirus programs and just use Windows Security, but, not being a mac user, I can't offer a similar recommendation. Perhaps other mac users on the forum can suggest a security app that works without interfering with TB.
</p><p>If you stick with Avast, consider disabling SSL scanning:
</p><p><a href="https://support.avast.com/en-in/article/189/" rel="nofollow">https://support.avast.com/en-in/article/189/</a>
</p>Well, the window appeared even with the changes I made in Avast. So, I went into Avast and turned o2020-10-31T13:35:25-07:00tmpchttps://support.mozilla.org/en-US/questions/1311144#answer-1363143<p>Well, the window appeared even with the changes I made in Avast. So, I went into Avast and turned off the entire email shield . . . and the popup window still appeared.
</p><p>In desperation, I sent an email to DigiCert and to my amazement, just received a reply. It says: "In this case that warning means that the OS can't verify the legitimacy of the certificate for the server connection. I'd recommend reaching out to Apple Support to
assist."
</p><p>I'll contact Apple, but I know they aren't going to do squat for me. Any other ideas, sfhowes?
</p>I wrote a reply but it was dumped. So, long story short; I couldn't find anything I could make sens2020-10-31T12:26:15-07:00tmpchttps://support.mozilla.org/en-US/questions/1311144#answer-1363131<p>I wrote a reply but it was dumped. So, long story short; I couldn't find anything I could make sense of in the search you suggested. Reinstalled Avast and made some changes in its email settings that I think are what you are talking about. So, we'll see. So far, the window hasn't popped up, but I've had that happen before. So, I'll let you know how it turns out. Thanks for your help, sfhowes.
</p>sfhowes said
There are plenty of references if you Google Sophos SSL scanning, and advice for adding2020-10-31T12:16:58-07:00tmpchttps://support.mozilla.org/en-US/questions/1311144#answer-1363130<em><p>sfhowes <a href="#answer-1363093" rel="nofollow">said</a></p></em>
<blockquote>There are plenty of references if you Google Sophos SSL scanning, and advice for adding exclusions. I don't think this in any way reduces protection, as the real-time background scan of email is still in place. It just limits the interference of Sophos in secure connections to mail servers, a process that is best controlled by TB. It's generally recommended anyway to exclude TB from email scanning:
<a href="http://kb.mozillazine.org/Antivirus_software" rel="nofollow">http://kb.mozillazine.org/Antivirus_software</a>
</blockquote>
<p>I tried searching on that but couldn't really find anything that made sense to me. I went into the Sophos online settings and couldn't find any place to set anything remotely related to email scanning. So, I uninstalled Sophos, reloaded Avast, and am trying a few things in its email settings. I turned off "Scan Decure Connections" and added "<a href="http://pop-mail.outlook.com:995" rel="nofollow">pop-mail.outlook.com:995</a>" to the scan exceptions list. If this appears to be flailing on my part, that's because it is. The warning window hasn't appeared in a little while, but I've had that happen before.
</p><p>Computers are wonderful things when they work, but are an inscrutable s*** show for regular people when this kind of problem pops up.
</p><p>I thank you for your help, sfhowes. I'm going to use this for a day or so to make sure it doesn't reappear and will let you know if this has solved the problem.
</p>There are plenty of references if you Google Sophos SSL scanning, and advice for adding exclusions. 2020-10-31T10:49:24-07:00sfhoweshttps://support.mozilla.org/en-US/questions/1311144#answer-1363093<p>There are plenty of references if you Google Sophos SSL scanning, and advice for adding exclusions. I don't think this in any way reduces protection, as the real-time background scan of email is still in place. It just limits the interference of Sophos in secure connections to mail servers, a process that is best controlled by TB. It's generally recommended anyway to exclude TB from email scanning:
</p><p><a href="http://kb.mozillazine.org/Antivirus_software" rel="nofollow">http://kb.mozillazine.org/Antivirus_software</a>
</p>sfhowes said
Do you have Avast intercepting certificates? That is probably the source of the error.2020-10-31T10:29:00-07:00tmpchttps://support.mozilla.org/en-US/questions/1311144#answer-1363082<em><p>sfhowes <a href="#answer-1363027" rel="nofollow">said</a></p></em>
<blockquote>Do you have Avast intercepting certificates? That is probably the source of the error. Disable SSL scanning and see if it helps:
<a href="https://support.postbox-inc.com/hc/en-us/articles/204602300-Invalid-Security-Certificate-Error-when-using-AVAST" rel="nofollow">https://support.postbox-inc.com/hc/en-us/articles/204602300-Invalid-Security-Certificate-Error-when-using-AVAST</a>
</blockquote>
<p>Thanks for the reply, sfhowes. Well, the story gets better. A few days ago, I removed my Sophos virus protection and replaced it with Avast because I wanted protection I could turn off when need be and this is easier to do in Avast. So, after I sent the post you replied to, I unistalled Avast and went back to Sophos, but it's still doing it. The only difference is that the Common Name is now DigiCert Cloud Services CA-1. So, it isn't Avast.
</p><p>I have no idea how to disable SSL scanning but in looking it up it says that you are effectively turning off the virus protection. This sounds like a scary experiment. The problem with this whole thing is that the warning is very scary with no solution provided. I really don't know what to do.
</p>Do you have Avast intercepting certificates? That is probably the source of the error. Disable SSL2020-10-31T06:42:34-07:00sfhoweshttps://support.mozilla.org/en-US/questions/1311144#answer-1363027<p>Do you have Avast intercepting certificates? That is probably the source of the error. Disable SSL scanning and see if it helps:
</p><p><a href="https://support.postbox-inc.com/hc/en-us/articles/204602300-Invalid-Security-Certificate-Error-when-using-AVAST" rel="nofollow">https://support.postbox-inc.com/hc/en-us/articles/204602300-Invalid-Security-Certificate-Error-when-using-AVAST</a>
</p>