Windows 10 reached EOS (end of support) on October 14, 2025. If you are on Windows 10, see this article.

Avatar for Username

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More
This thread was archived. اگر به کمک نیاز دارید لطفاً یک سؤال بپرسید.
حل شده Archived

Local CA being ignored

Thunderbird Encryption
kingham1 replied
kingham1
kingham1

I have added my local CA to the Certificate Manager (CA.png). When I try to send, I get the "confirm security exception" message (CertError.png). Viewing the certificate gives the data in Server.png and CACert.png.

The server cert is properly signed: $ openssl verify -CAfile ca-chain.cert.pem Mercury2.i-pi.com587.cert.pem Mercury2.i-pi.com587.cert.pem: OK

Why am I getting the certificate error when the CA is loaded into Thunderbird?

OS: Ubuntu 24.04.2 LTS patched as of just now. Thunderbird: 128.10.2esr (64-bit) Thunderbird is installed by snap: $ sudo snap info thunderbird name: thunderbird summary: Mozilla Thunderbird email application publisher: Canonical✓ store-url: https://snapcraft.io/thunderbird contact: https://www.thunderbird.net/contact/ license: unset description: | 

 Thunderbird is a free email application that’s easy to set up and customize
 - and it’s loaded with great features!

commands: 

 - thunderbird

snap-id: k1Ml1O9GzSO2QftV0ZlWSbUfQ78nN460 tracking: latest/stable refresh-date: 3 days ago, at 10:48 MDT channels: 

 latest/stable:    128.10.2esr-1 2025-05-23 (734) 220MB -
 latest/candidate: 128.11.0esr-1 2025-05-23 (735) 220MB -
 latest/beta:      139.0b4-2     2025-05-20 (731) 236MB -
 latest/edge:      ↑

installed: 128.10.2esr-1 (734) 220MB -

I have added my local CA to the Certificate Manager (CA.png). When I try to send, I get the "confirm security exception" message (CertError.png). Viewing the certificate gives the data in Server.png and CACert.png. The server cert is properly signed: $ openssl verify -CAfile ca-chain.cert.pem Mercury2.i-pi.com587.cert.pem Mercury2.i-pi.com587.cert.pem: OK Why am I getting the certificate error when the CA is loaded into Thunderbird? OS: Ubuntu 24.04.2 LTS patched as of just now. Thunderbird: 128.10.2esr (64-bit) Thunderbird is installed by snap: $ sudo snap info thunderbird name: thunderbird summary: Mozilla Thunderbird email application publisher: Canonical✓ store-url: https://snapcraft.io/thunderbird contact: https://www.thunderbird.net/contact/ license: unset description: | Thunderbird is a free email application that’s easy to set up and customize - and it’s loaded with great features! commands: - thunderbird snap-id: k1Ml1O9GzSO2QftV0ZlWSbUfQ78nN460 tracking: latest/stable refresh-date: 3 days ago, at 10:48 MDT channels: latest/stable: 128.10.2esr-1 2025-05-23 (734) 220MB - latest/candidate: 128.11.0esr-1 2025-05-23 (735) 220MB - latest/beta: 139.0b4-2 2025-05-20 (731) 236MB - latest/edge: ↑ installed: 128.10.2esr-1 (734) 220MB -
Attached screenshots

All Replies (2)

christ1
christ1
  • Top 25 Contributor
  • Moderator

Chosen Solution

Modern web browsers (and email clients) and applications generally do not rely on the Common Name (CN) for hostname validation. Instead, they primarily use the Subject Alternative Name (SAN) extension. You may want to try to issue a new server cert with a SAN.

kingham1
kingham1 Question owner

Solved the problem. Thank you.