Where did you install Firefox from? Help Mozilla uncover 3rd party websites that offer problematic Firefox installation by taking part in our campaign. There will be swag, and you'll be featured in our blog if you manage to report at least 10 valid reports!

Avatar for Username

Поиск в Поддержке

Избегайте мошенников, выдающих себя за службу поддержки. Мы никогда не попросим вас позвонить, отправить текстовое сообщение или поделиться личной информацией. Сообщайте о подозрительной активности, используя функцию «Пожаловаться».

Learn More

Эта тема была архивирована. Если вам нужна помощь, задайте новый вопрос.

Confirm security exception won't confirm certificate for non-matching site

  • 1 ответ
  • 1 имеет эту проблему
  • 15 просмотров
  • Последний ответ от Matt

aathan
aathan
more options

Naturally, the "Confirm Security Exception" dialog comes up when I change the incoming email server from somename.com:993 to 192.168.0.1:993 for a self-hosted email instance. However, accepting the security exception does not cause mail to flow and the same exception dialog is presented the next time I manually fetch email.

It smells as if Thunderbird is not storing the exception relative to the address it used to contact the server, but may be storing the exception based only on the contents of the certificate: The certificate vended by the target server does not mention its private IP address (only somename.com and *.somename.com).

This situation arises when there are DNS issues or other problems requiring direct "by IP address" access to the server. Under such conditions it would be ideal to be able to fetch mail through the raw IP address, but it seems the security exception mechanism is disallowing this. The status on the Thunderbird window just stays on "Connected to <ip address>..." forever, and no mail comes.

Am I right about why this isn't working? If not, any ideas on how to make it work (short of modifying the certificate)? If it is not working for the reason I guessed, doesn't it make sense that it *should* work, and that Thunderbird should remember an exception to accept any arbitrary vended certificate for which a security exception has been confirmed, based on the target IP address?

Naturally, the "Confirm Security Exception" dialog comes up when I change the incoming email server from somename.com:993 to 192.168.0.1:993 for a self-hosted email instance. However, accepting the security exception does not cause mail to flow and the same exception dialog is presented the next time I manually fetch email. It smells as if Thunderbird is not storing the exception relative to the address it used to contact the server, but may be storing the exception based only on the contents of the certificate: The certificate vended by the target server does not mention its private IP address (only somename.com and *.somename.com). This situation arises when there are DNS issues or other problems requiring direct "by IP address" access to the server. Under such conditions it would be ideal to be able to fetch mail through the raw IP address, but it seems the security exception mechanism is disallowing this. The status on the Thunderbird window just stays on "Connected to <ip address>..." forever, and no mail comes. Am I right about why this isn't working? If not, any ideas on how to make it work (short of modifying the certificate)? If it is not working for the reason I guessed, doesn't it make sense that it *should* work, and that Thunderbird should remember an exception to accept any arbitrary vended certificate for which a security exception has been confirmed, based on the target IP address?

Все ответы (1)

Matt
Matt
  • Moderator
  • Top 10 Contributor
more options

The issue will be the self signed certificate used. But then I fail to understand why you would even use encrypted connections to a self hosted mail server. Surely you are confident that your local network is secure. That is after all the firewalls job, to keep outsiders out.