All Products Community Forum

I generated a CSR file via the instructions at https://support.mozilla.org/en-US/kb/instructions-smime-certificate-using-csr#thunderbird:linux:tb145 . After submitting and receiving a certificate from a CA, importing it the People tab of the Certificate Manager does not do anything: nothing new appears in the Your Certificates tab.

Where are the private keys associated to the generated CSRs stored? How can I access them to resolve this?

Running 140.5.0esr via flatpak on Fedora 43 Kinoite.

I have several iterations of installing SMIME on my email account. I know the pf12 file is valid and it works on all my Android systems. However, when I try to send a digitally signed email on Thunderbird under Ubuntu, I get the message that either the SMIME certificate cannot be found or it has expired even though I went through the correct process to install it (and it shows up on the End to End Encryption settings) and when I display it, it indicates an expiry date of 2027. I have also tried to bundle it with the intermediate certificate but I still get the same error. I even tried to create my own personal SMIME certificate and use it (using SSL) and it had the same issue. Anyone have any suggestions?

This is the error I get: "Sending of the message failed. You specified that this message should be digitally signed, but the application either failed to find the signing certificate specified in your Mail & Newsgroup Account Settings, or the certificate has expired."

Do I need to put the SMIME certificate in a specific folder in order for it to be "re-found"

My e-mail provider has done the annual update of security and provided a new e-mail cert; however, Thunderbird no longer successfully updates it.

Thunderbid gets to the point of confirming the security exception; however, does not proceed.

This is using ThunderBird 140.4.0esr (64-bit) from Ubuntu Snap, on Ubuntu LTS 24.04.3.

Hello,

I am moving over to Thunderbird from outlook. I have about 8 emails with two domains. First email works okay. The second one on the same domain has turned red on the left panel and thunderbird keeps poppoing up the certificate for mail.xxx.com is not valid for the server. The other works I added the exception when setting it up. The mail server is another domain used from my cpanel hosting provider. So it does not match the domain of the emails.

I can't seem to find a way around this to get it to work. Also I under account settings it looks correct. I am thinking this error message is the incoming mail server? I don't see under account setting anything for incoming mail server which on my hosting is the same for incoming and outgoing. Appreciate any help.

Thank you!

Hello everyone,

I am using Firefox latest release (eg 145.0.1).

At https://developers.cloudflare.com/ssl/post-quantum-cryptography/pqc-support/ , it seems that X25519MLKEM768 is supported since Firefox 132. Do you confirm ?

I ask this question because when I am connecting to https://pq.cloudflareresearch.com/ and activate the network tab before reaching this URL, and looked at the security tab on the right bottom panel, as you can see in the screenshot attached, in the Exchange group keys, I see x25519 and not x25519mlkem768 meaning that Firefox is not PQC ready for key establishment :-(

Best Regards.

Over a month ago I began experiencing an error message when attempting to send emails from my gmail account using Thunderbird (TB). Error msg reads: Sending of the message failed. An error occurred while sending mail. The mail server responded: Must issue a STARTLS command first. For more information go to: https://support.google.com/a/answer/3221692 and review RFC 3207 specifications. 00721157ae682-765bb916a90sm38332507b3.4-gsmtp. Please verify that your email address is correct in your account settings and try again.***While I have looked at all of this, I can't really find a solution I know how to implement.***

I can send emails using Google webmail and when I do, the emails show up in my TB Sent items folder. I'm totally stumped and considering moving to Outlook. But TB has been perfect for me for years and I want to stay with it. Any help will be much appreciated!

I have added my local CA to the Certificate Manager (CA.png). When I try to send, I get the "confirm security exception" message (CertError.png). Viewing the certificate gives the data in Server.png and CACert.png.

The server cert is properly signed: $ openssl verify -CAfile ca-chain.cert.pem Mercury2.i-pi.com587.cert.pem Mercury2.i-pi.com587.cert.pem: OK

Why am I getting the certificate error when the CA is loaded into Thunderbird?

OS: Ubuntu 24.04.2 LTS patched as of just now. Thunderbird: 128.10.2esr (64-bit) Thunderbird is installed by snap: $ sudo snap info thunderbird name: thunderbird summary: Mozilla Thunderbird email application publisher: Canonical✓ store-url: https://snapcraft.io/thunderbird contact: https://www.thunderbird.net/contact/ license: unset description: |

 Thunderbird is a free email application that’s easy to set up and customize
 - and it’s loaded with great features!

commands:

 - thunderbird

snap-id: k1Ml1O9GzSO2QftV0ZlWSbUfQ78nN460 tracking: latest/stable refresh-date: 3 days ago, at 10:48 MDT channels:

 latest/stable:    128.10.2esr-1 2025-05-23 (734) 220MB -
 latest/candidate: 128.11.0esr-1 2025-05-23 (735) 220MB -
 latest/beta:      139.0b4-2     2025-05-20 (731) 236MB -
 latest/edge:      ↑                                    

installed: 128.10.2esr-1 (734) 220MB -

I have an email account with multiple identities (aliases), some of which I would like to add under the same OpenPGP key that I'm using for the main identity. I couldn't find any option in the OpenPGP Key Manager in Thunderbird which would allow me to add identities to the key. How should I go about doing this?

Здравствуйте, мы пользуемся программой Kaspersky Security Center, у нас возникла проблема. После изменения политики, постоянно меняется самоподписные сертификаты почты (Thunderbird) и каждый раз приходится подтверждать их заново. Просьба оказать помощь в решение данной проблемы.

________________________________________________________________ Hello, we are using the Kaspersky Security Center program, and we have a problem. After changing the policy, the self-signed mail certificates (Thunderbird) are constantly changing, and we have to re-verify them every time. Please help us resolve this issue.

I have Thunderbird 128.5.2esr and my email SMIME certificates are not assigned correctly when I send them to GMX. What can I do, are there bugs? 1) Select Cert Screencopy of SELECTION 2) err msg: Err-MSG at sending

I wish to send an encrypted email. I have imported and accepted the recipient's public key.

When I compose an email to this recipient, the "encrypt" button is disabled.

Also, the security button mentioned in this article is not present on the compose toolbar, or anywhere for that matter https://support.mozilla.org/en-US/kb/openpgp-thunderbird-howto-and-faq#w_how-do-i-send-an-encrypted-or-digitally-signed-email

Windows 11.

Any idea how to fix this?

gmail via IMAP will no longer send or receive normally as of yesterday. No changes on my end.

Receive attempts - nothing happens Send attempts. This message: Sending of the message failed. Peer’s Certificate issuer is not recognized. The configuration related to smtp.gmail.com must be corrected.

The sent mail does not show in sent mailbox, but it does go through.

Thunderbird is in my list of 3rd party apps allowed access in Google account.

I can't send mail via smtp.comcast.net. I can connect to IMAP and get mail, and I can send from my iphone and (new) Outlook. Running TB v142.0 (64 bit) on Windows 11. Issue is reproducible on second system. When I try to send mail, client tries for 1 minute, then times out with "Sending of the message failed. The message could not be sent because the connection to Outgoing server (SMTP) smtp.comcast.net timed out. Try again."

TB log says: 14:17:11.775 1756750631775 addons.xpi WARN Checking C:\Program Files\Mozilla Thunderbird\distribution\extensions for addons 14:19:37.714 mailnews.smtp: New client instance SmtpClient.sys.mjs:121:17 14:19:37.716 mailnews.smtp: Connecting to smtp://smtp.comcast.net:587 SmtpClient.sys.mjs:141:19 14:19:37.799 mailnews.smtp: Connected SmtpClient.sys.mjs:429:17 14:20:39.211 mailnews.smtp: NetworkError: a Network error occurred SmtpClient.sys.mjs:476:17

   _onError resource:///modules/SmtpClient.sys.mjs:476

14:20:39.212 mailnews.smtp: Socket closed. SmtpClient.sys.mjs:550:17 14:20:39.214 mailnews.smtp: SecurityError info: PR_END_OF_FILE_ERROR SmtpClient.sys.mjs:491:21 14:20:39.245 mailnews.send: Sending failed; The message could not be sent because the connection to Outgoing server (SMTP) smtp.comcast.net timed out. Try again., exitCode=2152398868, originalMsgURI=imap-message://mgiul%40comcast.net@imap.comcast.net/Drafts#57692 MessageSend.sys.mjs:343:32

smtp.comcast.net is using a self-signed cert. Is this the problem? C:\Users\rchar>openssl s_client -starttls smtp -connect smtp.comcast.net:587 Connecting to 96.103.145.180 CONNECTED(000001F8) depth=3 C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services verify error:num=19:self-signed certificate in certificate chain verify return:1 depth=3 C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services verify return:1 depth=2 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority verify return:1 depth=1 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Organization Validation Secure Server CA verify return:1 depth=0 C=US, ST=Pennsylvania, O=Comcast Corporation, CN=smtp.comcast.net verify return:1 --- Certificate chain

0 s:C=US, ST=Pennsylvania, O=Comcast Corporation, CN=smtp.comcast.net
  i:C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Organization Validation Secure Server CA
  a:PKEY: RSA, 2048 (bit); sigalg: sha256WithRSAEncryption
  v:NotBefore: Jan  6 00:00:00 2025 GMT; NotAfter: Jan  6 23:59:59 2026 GMT
1 s:C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Organization Validation Secure Server CA
  i:C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
  a:PKEY: RSA, 2048 (bit); sigalg: sha384WithRSAEncryption
  v:NotBefore: Feb 12 00:00:00 2014 GMT; NotAfter: Feb 11 23:59:59 2029 GMT
2 s:C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
  i:C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services
  a:PKEY: RSA, 4096 (bit); sigalg: sha384WithRSAEncryption
  v:NotBefore: Jan  1 00:00:00 2004 GMT; NotAfter: Dec 31 23:59:59 2028 GMT
3 s:C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services
  i:C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services
  a:PKEY: RSA, 2048 (bit); sigalg: sha1WithRSAEncryption
  v:NotBefore: Jan  1 00:00:00 2004 GMT; NotAfter: Dec 31 23:59:59 2028 GMT

--- Server certificate

MIIHATCCBemgAwIBAgIRAJUASDPOQisnR1zo9CfhXcYwDQYJKoZIhvcNAQELBQAw gZYxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO BgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMTwwOgYD VQQDEzNDT01PRE8gUlNBIE9yZ2FuaXphdGlvbiBWYWxpZGF0aW9uIFNlY3VyZSBT ZXJ2ZXIgQ0EwHhcNMjUwMTA2MDAwMDAwWhcNMjYwMTA2MjM1OTU5WjBdMQswCQYD VQQGEwJVUzEVMBMGA1UECBMMUGVubnN5bHZhbmlhMRwwGgYDVQQKExNDb21jYXN0 IENvcnBvcmF0aW9uMRkwFwYDVQQDExBzbXRwLmNvbWNhc3QubmV0MIIBIjANBgkq hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoLkgKQUqw4MylCObwwzTyFkIoMN/NRNl 6EY0zS+sjlYMFPplSULdfqs1tEcWZhCs+u1EkJN9+/juCtzeZ9c73yx8nTph0/KZ 5ri9t55yu5xhtuDv2WsMJmqcTOHPXRSZt7abpsvNfxCb6IG2YdPrBNqPyZPEJ6jn h3CY3qBbsreL4iR+UEGunSJAg2mRXHhx0/aYN3CTUetOcSBzIwoFXPklptWCcm5V knK+BWqFtKlyt6nHW/o2qK74nLDgKNUgxR9pG/Bw48ZER1emGsNlN2RVyOBtoAAG 15x4vD2iFBVEe9A0q9HOJc9bGSNb6zuU4ZpCb+RpNq3kkqJCpS6aJwIDAQABo4ID gDCCA3wwHwYDVR0jBBgwFoAUmvMr2s+tT7YvuypISCoStxtCwSQwHQYDVR0OBBYE FHz0nGUjqJ0rg0OQFz/hLkJ581OVMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8E AjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBKBgNVHSAEQzBBMDUG DCsGAQQBsjEBAgEDBDAlMCMGCCsGAQUFBwIBFhdodHRwczovL3NlY3RpZ28uY29t L0NQUzAIBgZngQwBAgIwWgYDVR0fBFMwUTBPoE2gS4ZJaHR0cDovL2NybC5jb21v ZG9jYS5jb20vQ09NT0RPUlNBT3JnYW5pemF0aW9uVmFsaWRhdGlvblNlY3VyZVNl cnZlckNBLmNybDCBiwYIKwYBBQUHAQEEfzB9MFUGCCsGAQUFBzAChklodHRwOi8v Y3J0LmNvbW9kb2NhLmNvbS9DT01PRE9SU0FPcmdhbml6YXRpb25WYWxpZGF0aW9u U2VjdXJlU2VydmVyQ0EuY3J0MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5jb21v ZG9jYS5jb20wggGABgorBgEEAdZ5AgQCBIIBcASCAWwBagB2AJaXZL9VWJet90OH aDcIQnfp8DrV9qTzNm5GpD8PyqnGAAABlDwZ58gAAAQDAEcwRQIhAOgI6NbRS4t6 9XvPVbmFixPHyFJXDqU60dv5r+RB9Y9YAiAwlfQhXe45ccND3T5te2KryuxvRhzW aBO3oIS6ixw6DAB3ABmG1Mcoqm/+ugNveCpNAZGqzi1yMQ+uzl1wQS0lTMfUAAAB lDwZ56oAAAQDAEgwRgIhAKmynGx19jBgk4Xy/eChCKjR/vpOtCH16470/jJyY6Yy AiEAkwlRN7Cn1AN20CGjNowsJ2PBaqNOk/u297W/RttgBKMAdwDLOPcViXyEoURf W8Hd+8lu8ppZzUcKaQWFsMsUwxRY5wAAAZQ8GefaAAAEAwBIMEYCIQDyR2Zz3Spd 0Gul6Z2dJa15aUEiEaW7KEAtbCcqz/zoLwIhAIV8YxWeI8rVaAvdl9kWquejUOTx M2G4iYjeZINb1VMgMEMGA1UdEQQ8MDqCEHNtdHAuY29tY2FzdC5uZXSCEHNtdHAu eGZpbml0eS5jb22CFHd3dy5zbXRwLmNvbWNhc3QubmV0MA0GCSqGSIb3DQEBCwUA A4IBAQBgn3Z51e8DZ/bO/AFqc22A4e5EqfUx4y6itcaz3mnQcU9pAsA/LK/WeY+e PtHIkWNKFlysJSbU2ByJ/6+bnebalXgRZ3sAeB2Z7UIUIHEjhcEQE2s4CxAXBiI7 SgqWjrw/Qj+AOghhMwayhIjmnNk34MmyY4f9KsAC6fIEn9ypCxuaN4lrwZcmS8iK o6PRho6pd837BEaRNIZBQpI/8WKxoKsNOu8bw8FwX/Zn8q+1oPo+0sQkmSmWOruu l8tlq8boA5R6YSBWek8hxmEZppvBs55wfNCnr2DQ4CgAREJZMKt6PIiKlgQ9r58b OSb5otnW7xsrx3SKM2zlvRA5mhfL

subject=C=US, ST=Pennsylvania, O=Comcast Corporation, CN=smtp.comcast.net issuer=C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Organization Validation Secure Server CA --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: rsa_pss_rsae_sha256 Peer Temp Key: X25519, 253 bits --- SSL handshake has read 6708 bytes and written 1662 bytes Verification error: self-signed certificate in certificate chain --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Protocol: TLSv1.3 Server public key is 2048 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 19 (self-signed certificate in certificate chain) --- 250 OK --- Post-Handshake New Session Ticket arrived: SSL-Session:

   Protocol  : TLSv1.3
   Cipher    : TLS_AES_256_GCM_SHA384
   Session-ID: 27FBCE0D025BF752A9F038657257E923F1E5560B92BB78A47C5C9E0FFFDBEF7B
   Session-ID-ctx:
   Resumption PSK: FAFF92690FBEDF157D2856329FDABB033F2A0948C5A0F668E4B69C197EC6E52B8DE8A676EA4A78EAEEED7E90C4935DEC
   PSK identity: None
   PSK identity hint: None
   SRP username: None
   TLS session ticket lifetime hint: 300 (seconds)
   TLS session ticket:
   0000 - 97 cc 16 34 49 69 e3 c2-8f 6b ab cb e0 53 cb c1   ...4Ii...k...S..
   0010 - e0 31 10 bf c8 94 c5 d1-59 2b 3e 84 f7 63 44 be   .1......Y+>..cD.
   0020 - 3e d6 69 b0 d4 10 7a 1a-4f 6a da 21 91 6b 34 f2   >.i...z.Oj.!.k4.
   0030 - 1c 2c df cc 5f ee b5 ce-4c 71 49 b0 28 d6 7b 92   .,.._...LqI.(.{.
   0040 - 9e 6a dd bb 93 ca 9e 44-80 1f df ec f7 e4 95 04   .j.....D........
   0050 - 7c c1 6b 1d 86 59 7c 18-7d 98 41 0d 04 a1 f1 ae   |.k..Y|.}.A.....
   0060 - 7b 6d 68 ad 68 a6 b2 32-95 71 d3 89 09 ea 28 7c   {mh.h..2.q....(|
   0070 - ee 8f 67 1e ab e6 09 d7-5d c6 67 0d 0e 63 7b 24   ..g.....].g..c{$
   0080 - 87 cc fb eb 8f a8 c6 67-60 d2 70 e6 58 93 06 d0   .......g`.p.X...
   0090 - 1f ef 95 15 53 92 95 19-85 76 91 26 7c a1 9e 96   ....S....v.&|...
   00a0 - 12 9d bd b2 a9 38 45 05-a5 28 14 65 4c ac c0 6d   .....8E..(.eL..m
   00b0 - c6 65 e7 b8 4b ff 0c dd-58 82 c9 c5 de 8d 64 ab   .e..K...X.....d.
   00c0 - f4 59 c5 5c bc bd c2 e9-34 2a d7 a7 99 21 97 60   .Y.\....4*...!.`

   Start Time: 1756752732
   Timeout   : 7200 (sec)
   Verify return code: 19 (self-signed certificate in certificate chain)
   Extended master secret: no
   Max Early Data: 0

--- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session:

   Protocol  : TLSv1.3
   Cipher    : TLS_AES_256_GCM_SHA384
   Session-ID: 13DA31F60D1C9A3207FFEA54D2CEC29BB0D44016068E3E79A18492F695B02E80
   Session-ID-ctx:
   Resumption PSK: 44D18B4AEB19CDEBA968E3BD867C3B0167C07C61DC3091072882660FC234D4B3B071B663546C5B4AC3E53A6A5C206A9B
   PSK identity: None
   PSK identity hint: None
   SRP username: None
   TLS session ticket lifetime hint: 300 (seconds)
   TLS session ticket:
   0000 - 97 cc 16 34 49 69 e3 c2-8f 6b ab cb e0 53 cb c1   ...4Ii...k...S..
   0010 - 09 52 42 f9 c9 f7 bc 99-5a b5 73 e3 9b b8 1c 91   .RB.....Z.s.....
   0020 - 16 f5 ea 33 20 29 e1 59-79 65 46 0a 4b ad b7 fe   ...3 ).YyeF.K...
   0030 - b4 aa b7 7b f8 57 36 10-71 09 19 c6 d2 64 c4 8a   ...{.W6.q....d..
   0040 - 47 f6 28 4b 62 9e be ca-d9 16 1a e7 df 7d 51 f7   G.(Kb........}Q.
   0050 - f6 66 04 fe 37 cf 0c bb-4f d8 d3 1b d6 06 be d0   .f..7...O.......
   0060 - 21 ee 9e 65 ac a3 18 80-31 b7 17 5b 23 d2 9d 4e   !..e....1..[#..N
   0070 - 57 f7 b0 66 01 5f cc c5-a1 a5 96 ee d2 d8 55 ed   W..f._........U.
   0080 - 5b 91 86 da 91 d5 3d 17-36 bd a5 97 58 ab fb ad   [.....=.6...X...
   0090 - eb eb 38 5e fd e3 7a 13-b9 f8 5c 14 f5 80 3a 72   ..8^..z...\...:r
   00a0 - 52 66 d9 23 8c a3 50 5c-3c e5 fc cb 22 21 11 3f   Rf.#..P\<..."!.?
   00b0 - a6 71 87 67 8b 33 8e b0-0a 65 46 f6 df 7a f0 f3   .q.g.3...eF..z..
   00c0 - 04 4e cf 22 ad 4d 45 69-53 9c 45 56 df 07 ae e3   .N.".MEiS.EV....

   Start Time: 1756752732
   Timeout   : 7200 (sec)
   Verify return code: 19 (self-signed certificate in certificate chain)
   Extended master secret: no
   Max Early Data: 0

--- read R BLOCK closed

C:\Users\rchar>

After I did the 128.5.2esr update, none of my email accounts can get email with SSL/TLS on. It won't even try the server with SSL/TLS on. If I turn it off, then it can get mail. When I try to change to STARTTLS it will just hang showing checking server capabilities. Some accounts are imap and some POP3

Running Windows 10, version 22H2 updated 12/10/2024 OS Builds 19044.5247 and 19045.5247

Gmail works fine. I've tried the just about all of the things I have found online, but no luck.

Any suggestions? In the past I rolled back to a working version and that fixed it, but it hasn't worked this time. Would removing all of the certificates fix it? Didn't want to take that chance until I threw it out out here!

Thank you!

I see this question was asked before (https://support.mozilla.org/en-US/questions/1415951) but the thread is now archived and I don't think the concern of the poster was understood/answered.

Your Thunderbird profile contains all the credentials needed to "be you" by having full access to all linked email accounts. In order to protect these accounts a Private Password can be created. It prevents someone trying to use Thunderbird as you (using your profile) from seeing the passwords or establishing connections to the email servers.

The question I have (and I believe was being asked) is, does using a Private Password actually encrypt the account credentials, or does it just block someone when they're using the Thunderbird program? Asked another way, would a bad actor with access to the profile and access to appropriate sleuthing tools be able to recover the credentials--from the files alone--thus bypassing the private password of the Thunderbird program?

Hello,

I just did a full windows defender scan and it turns out Trojan:Script/Wacatac.H!ml popped up when it was done and it said the files affected were:

containerfile: C:\Users\User\AppData\Local\Mozilla\Firefox\Profiles\.default-release\cache2\entries\InsertHashHere

file: C:\Users\User\AppData\Local\Mozilla\Firefox\Profiles\.default-release\cache2\entries\InsertHashHere->(GZip)

I removed the hashes or whatever they were behind the entries, I was wondering if this was a false positive? I didn't notice any slowed down or hacked accounts, also windows defender quarantined it. I've also reinstalled Firefox and deleted all folders associated with Mozilla in AppData.

Add Security Exception? I can't send any outgoing email messages. I now get a warning alert after hitting Send entitled "Add Security Exception". It says further, "You are about to override how Thunderbird identifies this site." And, "Legitimate banks, stores and other public sites will not ask you to do this." My email provider is Earthlink and the alert identifies the server location as, "smtpauth.earthlink.net:587" and says, "This site attempts to identify itself with invalid information. Unknown Identity. The certificate is not trusted because it hasn't been verified as issued by a trusted authority using a secure signature."

That only available options are, "Confirm Security Exception" and "Cancel". Selection of either option brings up the same next alert, "Send Message Error", "Sending of the message failed. Peer's Certificate issuer isn't recognized. The configuration related to smtpauth.earthlink.net must be corrected."

I didn't intentionally change any settings or receive any notification from Earthlink to that effect, so I don't know why any of these protocols would have changed. I can view the smtpauth.earthlink.net certificate but I don't know how to copy it or attach it for diagnostic purposes. Can anyone provide insight regarding what is going on here and how to resolve it? Any solutions will be greatest appreciated.