I'm at a loss as to what I'm supposed to do. We've had a self-signed cert on our mail server(Mercury) for years and years. The current one expires next week, so I creat… (read more)
I'm at a loss as to what I'm supposed to do. We've had a self-signed cert on our mail server(Mercury) for years and years. The current one expires next week, so I created a new one and set it.
When I try and send an email, I get "Sending of the message failed. The certificate is not trusted because it is self-signed. The configuration related to x.x.x.x must be corrected.". While watching the mail server, I can see the STARTTLS connection and the eventual termination by Tunderbird.
I then go to Tools->Options, then to Privacy & Security. Scroll down to Security, click the Manage Certificates button. I switch to the Servers tab and I could see my old x.x.x.x:25 server, so I selected it and deleted it. I then click Add Exception at the bottom, put in the exact server address(x.x.x.x:25) and click "Get Cerfiicate". I immediately get a "No Information Available Unable to obtain identification status for this site". Of course, "Confirm Security Exception" is disabled. Note, when I click "Get Certficate" I see NO connection to the mail server at all.
I reconfigured my account settings to be port 587 rather than 25 in case there's some weirdness there. When I try and send, of course, I get the same sort of connection activity on the server. When I try Get Certificate from Add Security Exception, I get zero activity.
What am I missing to get Certificate Manager to actually get the certificate from my mail server and allow an exception like it did 2 years ago(the last time I changed certs)?
Note, I tried this on my Thunderbird 77.0b3 and another employees 68.8.1. Both had the exact same result(no connection attempt from Get Certificate, meaning unable to continue).
Note, Outlook on my bosses machine, the mail client on my phone(MIUI12s built in one), and my bosses iPhone all are working perfectly fine with the new cert(once it prompted to allow for the self-signed cert). So I'm reasonably assured Thunderbird is the problem child here. Yes, the cert has X509v3 extensions.
Related to this bugzilla