Avatar for Username

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Local CA being ignored

  • 2 replies
  • 0 have this problem
  • 8 views
  • Last reply by kingham1

kingham1
kingham1
more options

I have added my local CA to the Certificate Manager (CA.png). When I try to send, I get the "confirm security exception" message (CertError.png). Viewing the certificate gives the data in Server.png and CACert.png.

The server cert is properly signed: $ openssl verify -CAfile ca-chain.cert.pem Mercury2.i-pi.com587.cert.pem Mercury2.i-pi.com587.cert.pem: OK

Why am I getting the certificate error when the CA is loaded into Thunderbird?

OS: Ubuntu 24.04.2 LTS patched as of just now. Thunderbird: 128.10.2esr (64-bit) Thunderbird is installed by snap: $ sudo snap info thunderbird name: thunderbird summary: Mozilla Thunderbird email application publisher: Canonical✓ store-url: https://snapcraft.io/thunderbird contact: https://www.thunderbird.net/contact/ license: unset description: | 

 Thunderbird is a free email application that’s easy to set up and customize
 - and it’s loaded with great features!

commands: 

 - thunderbird

snap-id: k1Ml1O9GzSO2QftV0ZlWSbUfQ78nN460 tracking: latest/stable refresh-date: 3 days ago, at 10:48 MDT channels: 

 latest/stable:    128.10.2esr-1 2025-05-23 (734) 220MB -
 latest/candidate: 128.11.0esr-1 2025-05-23 (735) 220MB -
 latest/beta:      139.0b4-2     2025-05-20 (731) 236MB -
 latest/edge:      ↑

installed: 128.10.2esr-1 (734) 220MB -

I have added my local CA to the Certificate Manager (CA.png). When I try to send, I get the "confirm security exception" message (CertError.png). Viewing the certificate gives the data in Server.png and CACert.png. The server cert is properly signed: $ openssl verify -CAfile ca-chain.cert.pem Mercury2.i-pi.com587.cert.pem Mercury2.i-pi.com587.cert.pem: OK Why am I getting the certificate error when the CA is loaded into Thunderbird? OS: Ubuntu 24.04.2 LTS patched as of just now. Thunderbird: 128.10.2esr (64-bit) Thunderbird is installed by snap: $ sudo snap info thunderbird name: thunderbird summary: Mozilla Thunderbird email application publisher: Canonical✓ store-url: https://snapcraft.io/thunderbird contact: https://www.thunderbird.net/contact/ license: unset description: | Thunderbird is a free email application that’s easy to set up and customize - and it’s loaded with great features! commands: - thunderbird snap-id: k1Ml1O9GzSO2QftV0ZlWSbUfQ78nN460 tracking: latest/stable refresh-date: 3 days ago, at 10:48 MDT channels: latest/stable: 128.10.2esr-1 2025-05-23 (734) 220MB - latest/candidate: 128.11.0esr-1 2025-05-23 (735) 220MB - latest/beta: 139.0b4-2 2025-05-20 (731) 236MB - latest/edge: ↑ installed: 128.10.2esr-1 (734) 220MB -
Attached screenshots

Chosen solution

Modern web browsers (and email clients) and applications generally do not rely on the Common Name (CN) for hostname validation. Instead, they primarily use the Subject Alternative Name (SAN) extension. You may want to try to issue a new server cert with a SAN.

Read this answer in context 👍 1

All Replies (2)

christ1
christ1
  • Top 25 Contributor
more options

Chosen Solution

Modern web browsers (and email clients) and applications generally do not rely on the Common Name (CN) for hostname validation. Instead, they primarily use the Subject Alternative Name (SAN) extension. You may want to try to issue a new server cert with a SAN.

Helpful?

kingham1
kingham1 Question owner
more options

Solved the problem. Thank you.

Helpful?

Ask a question

You must log in to your account to reply to posts. Please start a new question, if you do not have an account yet.