I keep getting a message to update Mozilla Thunderbird; and yet if I do, Thunderbird totally breaks. I don't dare update it and would like it to stop popping up the mess… (read more)
I keep getting a message to update Mozilla Thunderbird; and yet if I do, Thunderbird totally breaks. I don't dare update it and would like it to stop popping up the message. Can I do that?
How does it break?
When I update, it no longer allows me to use the "self-signed certificate" for MY OWN SERVER! I have tried every single possible way of manually installing the certificate; but it will not allow it. 68.8 allows it just fine with a message that pops up basically saying "do you really trust so and so is so and so" [with because it is my own server, that is asking, "do you trust that you are yourself?" And, yes, I do trust that I am myself, so I click permanently accept the certificate; and it just works. Newer versions stopped working that way; at one point (I believe it was 68.10 or 68.11) I was still able to manually install the certificate; but even that stopped working.
To put for a very apt analogy. Let us say that Thunderbird is a bank for e-mail; it stores e-mail messages; and conducts transactions (deposits/downloads, withdrawals/server deletions, and check processing/connections to servers) with the account owner and those the account owner works with.
A self-signed certificate is literally the same as a person signing their own check and giving it to someone else. The bank is SUPPOSED to process that check; the drawing bank should validate the signature for sure, but the bank that the check is depositing in should have no say. [Thus I have no problem with a warning popping up saying -- do you validate this signature.]
But, can you imagine one day taking your paycheck to the bank and the bank saying "no we will not accept paychecks that aren't notarized." What is the process of notarizing a signature? It is having a third party (a trusted licensed notary public) verify that the person signing (whatever--in this case a bank check) is actually the person they say they are. That is literally what having a third party trusted root certificate signature and chain is doing; it is notarizing the signature on the security certificate.
While that may make sense for someone conducing business with someone that they do not know. It makes no sense for an employer to have to notarize the paychecks for his employees; especially when that is to the tune of several hundred dollars per year. Employees already know who their employer is; and already have established that trust.
Again, when I am providing e-mail only to employees on my company server; there is no reason at all that Thunderbird (which has nothing to do with my business; is simply only the bank account for e-mail transactions) should require me to pay extra money to establish trust that their employer is really their employer.