Komunitné fórum Všetky produkty

Hello,

I have read this one https://support.mozilla.org/en-US/kb/openpgp-thunderbird-android-howto and I was aiming for additional detailed info on a specific step in the "Select an encryption key or create a new key" section.

From Thunderbird Desktop I can already send/receive encrypted emails from a specific email account and I have exported, on my laptop, my private and public keys as well as the public keys of some contacts.

On my Android phone I have Thunderbird for Android (version 14) already set up for the same email account and, in order to start using email encryption, I understood from the above link that I first need to install OpenKeychain and then, from the image in step 2 of "Select an encryption key or create a new key" and from the text of the subsequent step 3, that I'll need to choose "I already have a key. Import end-to-end key from other device" and then, if I got it right, try to find the keys which I exported on my laptop from Thunderbird Desktop.

Are there any precise details on how to find those exported keys and load them into OpenKeychain? Meaning, for instance, do I need to copy/paste the keys from my laptop into the archive of my Android phone and then direct Thunderbird/OpenKeychain to that location to pick them up?

Any type of details/links/docs/videos with respect to this, will be useful. As well as any explanations in case I understood wrongly and what I am trying to do is not the proper way to proceed.

Please note: I am not an expert.

Thank you

Best Regards

I generated a CSR file via the instructions at https://support.mozilla.org/en-US/kb/instructions-smime-certificate-using-csr#thunderbird:linux:tb145 . After submitting and receiving a certificate from a CA, importing it the People tab of the Certificate Manager does not do anything: nothing new appears in the Your Certificates tab.

Where are the private keys associated to the generated CSRs stored? How can I access them to resolve this?

Running 140.5.0esr via flatpak on Fedora 43 Kinoite.

Hello everyone,

I am using Firefox latest release (eg 145.0.1).

At https://developers.cloudflare.com/ssl/post-quantum-cryptography/pqc-support/ , it seems that X25519MLKEM768 is supported since Firefox 132. Do you confirm ?

I ask this question because when I am connecting to https://pq.cloudflareresearch.com/ and activate the network tab before reaching this URL, and looked at the security tab on the right bottom panel, as you can see in the screenshot attached, in the Exchange group keys, I see x25519 and not x25519mlkem768 meaning that Firefox is not PQC ready for key establishment :-(

Best Regards.

My e-mail provider has done the annual update of security and provided a new e-mail cert; however, Thunderbird no longer successfully updates it.

Thunderbid gets to the point of confirming the security exception; however, does not proceed.

This is using ThunderBird 140.4.0esr (64-bit) from Ubuntu Snap, on Ubuntu LTS 24.04.3.

I have several iterations of installing SMIME on my email account. I know the pf12 file is valid and it works on all my Android systems. However, when I try to send a digitally signed email on Thunderbird under Ubuntu, I get the message that either the SMIME certificate cannot be found or it has expired even though I went through the correct process to install it (and it shows up on the End to End Encryption settings) and when I display it, it indicates an expiry date of 2027. I have also tried to bundle it with the intermediate certificate but I still get the same error. I even tried to create my own personal SMIME certificate and use it (using SSL) and it had the same issue. Anyone have any suggestions?

This is the error I get: "Sending of the message failed. You specified that this message should be digitally signed, but the application either failed to find the signing certificate specified in your Mail & Newsgroup Account Settings, or the certificate has expired."

Do I need to put the SMIME certificate in a specific folder in order for it to be "re-found"

Hello,

I am moving over to Thunderbird from outlook. I have about 8 emails with two domains. First email works okay. The second one on the same domain has turned red on the left panel and thunderbird keeps poppoing up the certificate for mail.xxx.com is not valid for the server. The other works I added the exception when setting it up. The mail server is another domain used from my cpanel hosting provider. So it does not match the domain of the emails.

I can't seem to find a way around this to get it to work. Also I under account settings it looks correct. I am thinking this error message is the incoming mail server? I don't see under account setting anything for incoming mail server which on my hosting is the same for incoming and outgoing. Appreciate any help.

Thank you!

Over a month ago I began experiencing an error message when attempting to send emails from my gmail account using Thunderbird (TB). Error msg reads: Sending of the message failed. An error occurred while sending mail. The mail server responded: Must issue a STARTLS command first. For more information go to: https://support.google.com/a/answer/3221692 and review RFC 3207 specifications. 00721157ae682-765bb916a90sm38332507b3.4-gsmtp. Please verify that your email address is correct in your account settings and try again.***While I have looked at all of this, I can't really find a solution I know how to implement.***

I can send emails using Google webmail and when I do, the emails show up in my TB Sent items folder. I'm totally stumped and considering moving to Outlook. But TB has been perfect for me for years and I want to stay with it. Any help will be much appreciated!

I can't send mail via smtp.comcast.net. I can connect to IMAP and get mail, and I can send from my iphone and (new) Outlook. Running TB v142.0 (64 bit) on Windows 11. Issue is reproducible on second system. When I try to send mail, client tries for 1 minute, then times out with "Sending of the message failed. The message could not be sent because the connection to Outgoing server (SMTP) smtp.comcast.net timed out. Try again."

TB log says: 14:17:11.775 1756750631775 addons.xpi WARN Checking C:\Program Files\Mozilla Thunderbird\distribution\extensions for addons 14:19:37.714 mailnews.smtp: New client instance SmtpClient.sys.mjs:121:17 14:19:37.716 mailnews.smtp: Connecting to smtp://smtp.comcast.net:587 SmtpClient.sys.mjs:141:19 14:19:37.799 mailnews.smtp: Connected SmtpClient.sys.mjs:429:17 14:20:39.211 mailnews.smtp: NetworkError: a Network error occurred SmtpClient.sys.mjs:476:17

   _onError resource:///modules/SmtpClient.sys.mjs:476

14:20:39.212 mailnews.smtp: Socket closed. SmtpClient.sys.mjs:550:17 14:20:39.214 mailnews.smtp: SecurityError info: PR_END_OF_FILE_ERROR SmtpClient.sys.mjs:491:21 14:20:39.245 mailnews.send: Sending failed; The message could not be sent because the connection to Outgoing server (SMTP) smtp.comcast.net timed out. Try again., exitCode=2152398868, originalMsgURI=imap-message://mgiul%40comcast.net@imap.comcast.net/Drafts#57692 MessageSend.sys.mjs:343:32

smtp.comcast.net is using a self-signed cert. Is this the problem? C:\Users\rchar>openssl s_client -starttls smtp -connect smtp.comcast.net:587 Connecting to 96.103.145.180 CONNECTED(000001F8) depth=3 C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services verify error:num=19:self-signed certificate in certificate chain verify return:1 depth=3 C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services verify return:1 depth=2 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority verify return:1 depth=1 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Organization Validation Secure Server CA verify return:1 depth=0 C=US, ST=Pennsylvania, O=Comcast Corporation, CN=smtp.comcast.net verify return:1 --- Certificate chain

0 s:C=US, ST=Pennsylvania, O=Comcast Corporation, CN=smtp.comcast.net
  i:C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Organization Validation Secure Server CA
  a:PKEY: RSA, 2048 (bit); sigalg: sha256WithRSAEncryption
  v:NotBefore: Jan  6 00:00:00 2025 GMT; NotAfter: Jan  6 23:59:59 2026 GMT
1 s:C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Organization Validation Secure Server CA
  i:C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
  a:PKEY: RSA, 2048 (bit); sigalg: sha384WithRSAEncryption
  v:NotBefore: Feb 12 00:00:00 2014 GMT; NotAfter: Feb 11 23:59:59 2029 GMT
2 s:C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
  i:C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services
  a:PKEY: RSA, 4096 (bit); sigalg: sha384WithRSAEncryption
  v:NotBefore: Jan  1 00:00:00 2004 GMT; NotAfter: Dec 31 23:59:59 2028 GMT
3 s:C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services
  i:C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services
  a:PKEY: RSA, 2048 (bit); sigalg: sha1WithRSAEncryption
  v:NotBefore: Jan  1 00:00:00 2004 GMT; NotAfter: Dec 31 23:59:59 2028 GMT

--- Server certificate

MIIHATCCBemgAwIBAgIRAJUASDPOQisnR1zo9CfhXcYwDQYJKoZIhvcNAQELBQAw gZYxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO BgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMTwwOgYD VQQDEzNDT01PRE8gUlNBIE9yZ2FuaXphdGlvbiBWYWxpZGF0aW9uIFNlY3VyZSBT ZXJ2ZXIgQ0EwHhcNMjUwMTA2MDAwMDAwWhcNMjYwMTA2MjM1OTU5WjBdMQswCQYD VQQGEwJVUzEVMBMGA1UECBMMUGVubnN5bHZhbmlhMRwwGgYDVQQKExNDb21jYXN0 IENvcnBvcmF0aW9uMRkwFwYDVQQDExBzbXRwLmNvbWNhc3QubmV0MIIBIjANBgkq hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoLkgKQUqw4MylCObwwzTyFkIoMN/NRNl 6EY0zS+sjlYMFPplSULdfqs1tEcWZhCs+u1EkJN9+/juCtzeZ9c73yx8nTph0/KZ 5ri9t55yu5xhtuDv2WsMJmqcTOHPXRSZt7abpsvNfxCb6IG2YdPrBNqPyZPEJ6jn h3CY3qBbsreL4iR+UEGunSJAg2mRXHhx0/aYN3CTUetOcSBzIwoFXPklptWCcm5V knK+BWqFtKlyt6nHW/o2qK74nLDgKNUgxR9pG/Bw48ZER1emGsNlN2RVyOBtoAAG 15x4vD2iFBVEe9A0q9HOJc9bGSNb6zuU4ZpCb+RpNq3kkqJCpS6aJwIDAQABo4ID gDCCA3wwHwYDVR0jBBgwFoAUmvMr2s+tT7YvuypISCoStxtCwSQwHQYDVR0OBBYE FHz0nGUjqJ0rg0OQFz/hLkJ581OVMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8E AjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBKBgNVHSAEQzBBMDUG DCsGAQQBsjEBAgEDBDAlMCMGCCsGAQUFBwIBFhdodHRwczovL3NlY3RpZ28uY29t L0NQUzAIBgZngQwBAgIwWgYDVR0fBFMwUTBPoE2gS4ZJaHR0cDovL2NybC5jb21v ZG9jYS5jb20vQ09NT0RPUlNBT3JnYW5pemF0aW9uVmFsaWRhdGlvblNlY3VyZVNl cnZlckNBLmNybDCBiwYIKwYBBQUHAQEEfzB9MFUGCCsGAQUFBzAChklodHRwOi8v Y3J0LmNvbW9kb2NhLmNvbS9DT01PRE9SU0FPcmdhbml6YXRpb25WYWxpZGF0aW9u U2VjdXJlU2VydmVyQ0EuY3J0MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5jb21v ZG9jYS5jb20wggGABgorBgEEAdZ5AgQCBIIBcASCAWwBagB2AJaXZL9VWJet90OH aDcIQnfp8DrV9qTzNm5GpD8PyqnGAAABlDwZ58gAAAQDAEcwRQIhAOgI6NbRS4t6 9XvPVbmFixPHyFJXDqU60dv5r+RB9Y9YAiAwlfQhXe45ccND3T5te2KryuxvRhzW aBO3oIS6ixw6DAB3ABmG1Mcoqm/+ugNveCpNAZGqzi1yMQ+uzl1wQS0lTMfUAAAB lDwZ56oAAAQDAEgwRgIhAKmynGx19jBgk4Xy/eChCKjR/vpOtCH16470/jJyY6Yy AiEAkwlRN7Cn1AN20CGjNowsJ2PBaqNOk/u297W/RttgBKMAdwDLOPcViXyEoURf W8Hd+8lu8ppZzUcKaQWFsMsUwxRY5wAAAZQ8GefaAAAEAwBIMEYCIQDyR2Zz3Spd 0Gul6Z2dJa15aUEiEaW7KEAtbCcqz/zoLwIhAIV8YxWeI8rVaAvdl9kWquejUOTx M2G4iYjeZINb1VMgMEMGA1UdEQQ8MDqCEHNtdHAuY29tY2FzdC5uZXSCEHNtdHAu eGZpbml0eS5jb22CFHd3dy5zbXRwLmNvbWNhc3QubmV0MA0GCSqGSIb3DQEBCwUA A4IBAQBgn3Z51e8DZ/bO/AFqc22A4e5EqfUx4y6itcaz3mnQcU9pAsA/LK/WeY+e PtHIkWNKFlysJSbU2ByJ/6+bnebalXgRZ3sAeB2Z7UIUIHEjhcEQE2s4CxAXBiI7 SgqWjrw/Qj+AOghhMwayhIjmnNk34MmyY4f9KsAC6fIEn9ypCxuaN4lrwZcmS8iK o6PRho6pd837BEaRNIZBQpI/8WKxoKsNOu8bw8FwX/Zn8q+1oPo+0sQkmSmWOruu l8tlq8boA5R6YSBWek8hxmEZppvBs55wfNCnr2DQ4CgAREJZMKt6PIiKlgQ9r58b OSb5otnW7xsrx3SKM2zlvRA5mhfL

subject=C=US, ST=Pennsylvania, O=Comcast Corporation, CN=smtp.comcast.net issuer=C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Organization Validation Secure Server CA --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: rsa_pss_rsae_sha256 Peer Temp Key: X25519, 253 bits --- SSL handshake has read 6708 bytes and written 1662 bytes Verification error: self-signed certificate in certificate chain --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Protocol: TLSv1.3 Server public key is 2048 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 19 (self-signed certificate in certificate chain) --- 250 OK --- Post-Handshake New Session Ticket arrived: SSL-Session:

   Protocol  : TLSv1.3
   Cipher    : TLS_AES_256_GCM_SHA384
   Session-ID: 27FBCE0D025BF752A9F038657257E923F1E5560B92BB78A47C5C9E0FFFDBEF7B
   Session-ID-ctx:
   Resumption PSK: FAFF92690FBEDF157D2856329FDABB033F2A0948C5A0F668E4B69C197EC6E52B8DE8A676EA4A78EAEEED7E90C4935DEC
   PSK identity: None
   PSK identity hint: None
   SRP username: None
   TLS session ticket lifetime hint: 300 (seconds)
   TLS session ticket:
   0000 - 97 cc 16 34 49 69 e3 c2-8f 6b ab cb e0 53 cb c1   ...4Ii...k...S..
   0010 - e0 31 10 bf c8 94 c5 d1-59 2b 3e 84 f7 63 44 be   .1......Y+>..cD.
   0020 - 3e d6 69 b0 d4 10 7a 1a-4f 6a da 21 91 6b 34 f2   >.i...z.Oj.!.k4.
   0030 - 1c 2c df cc 5f ee b5 ce-4c 71 49 b0 28 d6 7b 92   .,.._...LqI.(.{.
   0040 - 9e 6a dd bb 93 ca 9e 44-80 1f df ec f7 e4 95 04   .j.....D........
   0050 - 7c c1 6b 1d 86 59 7c 18-7d 98 41 0d 04 a1 f1 ae   |.k..Y|.}.A.....
   0060 - 7b 6d 68 ad 68 a6 b2 32-95 71 d3 89 09 ea 28 7c   {mh.h..2.q....(|
   0070 - ee 8f 67 1e ab e6 09 d7-5d c6 67 0d 0e 63 7b 24   ..g.....].g..c{$
   0080 - 87 cc fb eb 8f a8 c6 67-60 d2 70 e6 58 93 06 d0   .......g`.p.X...
   0090 - 1f ef 95 15 53 92 95 19-85 76 91 26 7c a1 9e 96   ....S....v.&|...
   00a0 - 12 9d bd b2 a9 38 45 05-a5 28 14 65 4c ac c0 6d   .....8E..(.eL..m
   00b0 - c6 65 e7 b8 4b ff 0c dd-58 82 c9 c5 de 8d 64 ab   .e..K...X.....d.
   00c0 - f4 59 c5 5c bc bd c2 e9-34 2a d7 a7 99 21 97 60   .Y.\....4*...!.`

   Start Time: 1756752732
   Timeout   : 7200 (sec)
   Verify return code: 19 (self-signed certificate in certificate chain)
   Extended master secret: no
   Max Early Data: 0

--- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session:

   Protocol  : TLSv1.3
   Cipher    : TLS_AES_256_GCM_SHA384
   Session-ID: 13DA31F60D1C9A3207FFEA54D2CEC29BB0D44016068E3E79A18492F695B02E80
   Session-ID-ctx:
   Resumption PSK: 44D18B4AEB19CDEBA968E3BD867C3B0167C07C61DC3091072882660FC234D4B3B071B663546C5B4AC3E53A6A5C206A9B
   PSK identity: None
   PSK identity hint: None
   SRP username: None
   TLS session ticket lifetime hint: 300 (seconds)
   TLS session ticket:
   0000 - 97 cc 16 34 49 69 e3 c2-8f 6b ab cb e0 53 cb c1   ...4Ii...k...S..
   0010 - 09 52 42 f9 c9 f7 bc 99-5a b5 73 e3 9b b8 1c 91   .RB.....Z.s.....
   0020 - 16 f5 ea 33 20 29 e1 59-79 65 46 0a 4b ad b7 fe   ...3 ).YyeF.K...
   0030 - b4 aa b7 7b f8 57 36 10-71 09 19 c6 d2 64 c4 8a   ...{.W6.q....d..
   0040 - 47 f6 28 4b 62 9e be ca-d9 16 1a e7 df 7d 51 f7   G.(Kb........}Q.
   0050 - f6 66 04 fe 37 cf 0c bb-4f d8 d3 1b d6 06 be d0   .f..7...O.......
   0060 - 21 ee 9e 65 ac a3 18 80-31 b7 17 5b 23 d2 9d 4e   !..e....1..[#..N
   0070 - 57 f7 b0 66 01 5f cc c5-a1 a5 96 ee d2 d8 55 ed   W..f._........U.
   0080 - 5b 91 86 da 91 d5 3d 17-36 bd a5 97 58 ab fb ad   [.....=.6...X...
   0090 - eb eb 38 5e fd e3 7a 13-b9 f8 5c 14 f5 80 3a 72   ..8^..z...\...:r
   00a0 - 52 66 d9 23 8c a3 50 5c-3c e5 fc cb 22 21 11 3f   Rf.#..P\<..."!.?
   00b0 - a6 71 87 67 8b 33 8e b0-0a 65 46 f6 df 7a f0 f3   .q.g.3...eF..z..
   00c0 - 04 4e cf 22 ad 4d 45 69-53 9c 45 56 df 07 ae e3   .N.".MEiS.EV....

   Start Time: 1756752732
   Timeout   : 7200 (sec)
   Verify return code: 19 (self-signed certificate in certificate chain)
   Extended master secret: no
   Max Early Data: 0

--- read R BLOCK closed

C:\Users\rchar>

I have an email account with multiple identities (aliases), some of which I would like to add under the same OpenPGP key that I'm using for the main identity. I couldn't find any option in the OpenPGP Key Manager in Thunderbird which would allow me to add identities to the key. How should I go about doing this?

Здравствуйте, мы пользуемся программой Kaspersky Security Center, у нас возникла проблема. После изменения политики, постоянно меняется самоподписные сертификаты почты (Thunderbird) и каждый раз приходится подтверждать их заново. Просьба оказать помощь в решение данной проблемы.

________________________________________________________________ Hello, we are using the Kaspersky Security Center program, and we have a problem. After changing the policy, the self-signed mail certificates (Thunderbird) are constantly changing, and we have to re-verify them every time. Please help us resolve this issue.

Bonjour

Depuis quelques jours je rencontre le message suivant:

L’envoi du message a échoué. Une erreur est survenue lors de l’envoi de l’e-mail. Le serveur e-mail a répondu : 1jHjuyBzCXgNw StartTLS obligatoire. StartTLS mandatory.OFR303_199 [199]. Veuillez vérifier que votre adresse e-mail dans les paramètres du compte est correcte et essayer à nouveau.

Dans les paramètres du compte tout semble OK Merci pour votre aide Cordialement

I am able to receive emails on Thunderbird but I am not able to send emails to anybody from Thunderbird. That happens on two computers I have. I am able to send emails from Outlook. Therefore, it is not my email provider's (BluePeak) problem. When I try to send an email from Thunderbird, I receive the following error message: “Sending the message failed. SSL received a record with an incorrect Message Authorization Code. The configuration related to must be corrected.”

Please help me resolve this issue. Thank you very much!

Certificate errors have been an ongoing, several-times-a-day frustration for me and other users, with different ISPs, since approximately June 25. Is anyone working on this bug? Because it clearly is a bug: Not only I but several other users have reported that Thunderbird worked fine until that date, then stopped working fine. What changed, and can it be put back the way it was, or can we receive some explicit instructions on how to fix it for ourselves? It's making Thunderbird borderline unusable. Every time I try to send a message, I have to confirm a security exception, then send it again. Several times a day, when I try to fetch messages, I have to confirm security exceptions. The confirmations never seem to stick. This is some BS.

With the latest updates, the client no longer accepts the self-signed smtp certificate as exceptions. The server is old and there is no way to upgrade to a newer one. It is also not possible to connect a third-party certification authority

Add Security Exception? I can't send any outgoing email messages. I now get a warning alert after hitting Send entitled "Add Security Exception". It says further, "You are about to override how Thunderbird identifies this site." And, "Legitimate banks, stores and other public sites will not ask you to do this." My email provider is Earthlink and the alert identifies the server location as, "smtpauth.earthlink.net:587" and says, "This site attempts to identify itself with invalid information. Unknown Identity. The certificate is not trusted because it hasn't been verified as issued by a trusted authority using a secure signature."

That only available options are, "Confirm Security Exception" and "Cancel". Selection of either option brings up the same next alert, "Send Message Error", "Sending of the message failed. Peer's Certificate issuer isn't recognized. The configuration related to smtpauth.earthlink.net must be corrected."

I didn't intentionally change any settings or receive any notification from Earthlink to that effect, so I don't know why any of these protocols would have changed. I can view the smtpauth.earthlink.net certificate but I don't know how to copy it or attach it for diagnostic purposes. Can anyone provide insight regarding what is going on here and how to resolve it? Any solutions will be greatest appreciated.

I have spent some time digging through your messages about how to fix this issue. I get the general "where to" enable SSL/TLS but no trouble shooting to this specific level.

Spectrum (charter) Internet on May-30-25 a pop up "Add Security Exception" on wife's account (Image #1 below). We have same Internet provider and same server config's (except email name & password or course).

 This Security Exception has happened before, as well as on my account in the past. 

Although, I never got the Exception this time. We did "Confirm Security Exception" 2x on her account and she is up and running again. No issues.

  However, I can't receive e-mails with the Account Settings / Server Settings / Security Settings

"Connection Security" set to SSL/TLS" it must be set to "None" When set to SSL/TLS and I push the "Get Mail" button, the server isn't even banged as there's no msg in lower left frame of TB. I have gmail account and it does bang that one like it should. If set to "None" I get the msg in lower left TB frame showing connection to Charter server and I receive any outstanding e-mails. But I don't want to continue without a password.

 Under [Settings/ Privacy & security / Manage Certificates]

hers (Image #2 below) looks different than mine (Image #3 below). She has the 2 confirmed Security Exceptions, but also has a "View" and "Export" button that are bolded when the specific line item is highlighted. I do not have a View or Export button shown. How do I enable the SSL/TLS with password and actually receive emails?

 I am using TB 128.11.0esr (64-bit)

thx in advance Gene

I have added my local CA to the Certificate Manager (CA.png). When I try to send, I get the "confirm security exception" message (CertError.png). Viewing the certificate gives the data in Server.png and CACert.png.

The server cert is properly signed: $ openssl verify -CAfile ca-chain.cert.pem Mercury2.i-pi.com587.cert.pem Mercury2.i-pi.com587.cert.pem: OK

Why am I getting the certificate error when the CA is loaded into Thunderbird?

OS: Ubuntu 24.04.2 LTS patched as of just now. Thunderbird: 128.10.2esr (64-bit) Thunderbird is installed by snap: $ sudo snap info thunderbird name: thunderbird summary: Mozilla Thunderbird email application publisher: Canonical✓ store-url: https://snapcraft.io/thunderbird contact: https://www.thunderbird.net/contact/ license: unset description: |

 Thunderbird is a free email application that’s easy to set up and customize
 - and it’s loaded with great features!

commands:

 - thunderbird

snap-id: k1Ml1O9GzSO2QftV0ZlWSbUfQ78nN460 tracking: latest/stable refresh-date: 3 days ago, at 10:48 MDT channels:

 latest/stable:    128.10.2esr-1 2025-05-23 (734) 220MB -
 latest/candidate: 128.11.0esr-1 2025-05-23 (735) 220MB -
 latest/beta:      139.0b4-2     2025-05-20 (731) 236MB -
 latest/edge:      ↑                                    

installed: 128.10.2esr-1 (734) 220MB -