Yonke imikhiqizo Community Forum

Hello,

I had issue to verify the cert on android app for https://partners-enrichment.heytelecom.be. On Windows I didn't have the same issue.

version 144.0.2 / build id 20251027123126 / target arm64-v8a armeabi-v7a x86_64 Device: Samsung S22 / One UI 7.0 / Android version 15 / version S901U1UES8FYI2 / Security patch level September 1, 2025

Error: Secure Connection Failed, because its certificate issuer is unknown, the certificate is self-signed, or the server is not sending the correct intermediate certificates.

CertChain RCA: DigiCert Global Root G2 DCA: DigiCert Global G2 TLS RSA SHA256 2020 CA1 cert: partners-enrichment.heytelecom.be

1) I couldn't check the cert from the gui as on windows. Shield in search bar / Connection not secure doesn't opened the cert. Is it expected?

2) I found this helppage: https://support.mozilla.org/en-US/kb/setting-certificate-authorities-firefox

Unfortunately about:preferences isn't available on android (ref. https://www.reddit.com/r/firefox/comments/u593x0/how_to_access_to_aboutpreferences_on_android/)

I see in about:certificate which is the correct RCA (I verified the pem file with the root). DigiCert Global Root G2

Where do I check the Intermediate CA's (DCA)?

3) When exporting the RCA it has been download as: digicert-global-root-g2.pem.txt Why the txt at the end?

On Windows it downloads as digicert-global-root-g2.pem

Kind regards,

I need help with fixing certs I beleive were changed by an application. I found some files in an application I installed through another without fully looking at the extra packaged material. One seems to be a configuration file for CA certs and the other is a list of SSL certs taken from Mozilla that were included with the intent of editing trusted user certs. I now see the evidence of a Linux device using my Firefox. To me, that is pretty clear evidence that Shell was used for some connection. So, with that, I'm assuming the certs on my device are not correct, and need to be fixed. Please let me know what I can do for this and if there is any other information you can give me on how to find out more about what to do. Unfortunately, there are also files that seem to also change user to a fake user while they gain root as guest. Any additional information including removing and replacing all certs wouldbe very helpful. Im trying to get to a certain point of restricting access and making a move to alert the correct people in Github and a couple of others with/towards some of the files before I do any kind of reset as I am not fully sure how tainted the restore might be.

When someone sends me a msg, it displays along with the HTTP equivalent? Trying to figure out what setting is out of Wack such that I ses the HTTPS display of the message? Thanks

I have read the support page https://support.mozilla.org/en-US/kb/configure-dns-over-https-protection-... but under my Settings -> Privacy & Security section there is no "DNS over HTTPS" option. I have Firefox for Android version : 142.0.1 (Build #2016110943), 179e4da8d58fdece16dcbf164c80199917a5946e GV: 142.0.1-20250827004350 AS: 142.0.1 OS: Android 15 How can I get that option enabled?

Secure Connection Failed

An error occurred during a connection to www.mofa.gov.sa. Cannot communicate securely with peer: no common encryption algorithm(s).

Error code: SSL_ERROR_NO_CYPHER_OVERLAP

   The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
   Please contact the website owners to inform them of this problem.

Learn more…

I have suddenly started to receive this message when I open Thunderbird "Certificate for IMAP Gmail does not come from a trusted source". When I click on this message I get the attached screenshot.

I've gone through the forums by I can't understand what it is written. It seems like everything that is written is designed for people who have a good understanding of technology. I don't but I was able to determine that the OAuth is properly set.

I am using 128.14.0esr (64-bit) Thunderbird for Linux Mint mint-001 - 1.0 Updates disabled by system administrator Currently on the esr update channel

Hi,

I’m using Thunderbird on Windows and recently ran into a certificate warning that I can’t safely interpret, even after searching the web and using AI tools (which gave me inconsistent answers).

Thunderbird tries to connect to the iCloud contacts server p123-contacts.icloud.com (CardDAV). When it does, I get a “wrong site” certificate error. When I click “View certificate”, Thunderbird shows a valid certificate, but not for Apple/iCloud – it’s for login.kraftcom.de (issued by DigiCert / GeoTrust TLS RSA CA G1). I did not accept the exception.

From what I can see online, p123-contacts.icloud.com is a legitimate Apple domain, but it is also mentioned in some phishing / scareware contexts, which makes me even more unsure how to interpret this combination (Apple host + Kraftcom certificate). I’m also not sure whether this is simply a captive-portal / ISP login interception effect or something that should worry the wider community.

My questions:

Is this behavior expected in any scenario, or does it indicate a misconfiguration / MITM situation that Thunderbird should treat as a serious security issue?

Is there anything I should check or change on my side (Thunderbird config, network, ISP, certificates)?

Is there any additional diagnostic information I can provide (logs, screenshots) that would help you assess whether this is a Thunderbird issue or a network/ISP issue?

I specifically did not confirm the certificate exception and I would like to keep my setup secure, but I also want to make sure the community is aware if this is a broader problem.

Thanks in advance for any guidance

Hello.

I have added a new account to Thunderbird, and it is not syncing to show new messages. I am getting a pop-up from Tbird saying "The certificate for mail.newcreationloughborough.uk is not valid for that server ..." etc. I have gone through the procedure titled 'Troubleshooting email client warnings about invalid server certificates' to add Norton's certificate to my email app (as directed by the 'resolve' link in the 'Resolve email sync issues caused by certificate warnings' from the Norton EE Cyber Security add-on), and it tells me that the certificate is already installed.

What can I do next to get it to sync?

Why do I get this message" You are about to override how Thunderbird identifies this site" smtp.genemaas.net:587 when sending email?

Hi All. New to Thunderbird but liking what I see. Am trying to install a new certificate but keep seeing the same error message when I attempt to send an email:

Sending of the message failed. You specified that this message should be digitally signed, but the application either failed to find the signing certificate specified in your Mail & Newsgroup Account Settings, or the certificate has expired.

So here is what we know:

The certificate seems to work (I've sent test emails to a couple of test email accounts) when I use it in Outlook safe mode. Can't get it to work in normal Outlook mode because of add-ins, hence my switch to Thunderbird. They seem to appear fine in the S/MIME section for digital signing and encryption and I can even see the certificate when I go into Manage S/MIME Certificates.

Has anyone come across this before / got any ideas about how to resolve this? Thanks!!

From Microsoft: "Recent Outlook Mobile updates introduced a stricter and more standards-aligned S/MIME message structure. The messages themselves are valid, but some third‑party mail clients such as Thunderbird do not fully support the way Outlook mobile structures the encryption. As a result, these clients may display a blank message body even though the encrypted content is present.

As a workaround, if you need to send encrypted mail to recipients who use third‑party clients, use Outlook desktop or Outlook on the web instead of Outlook mobile. These versions generate encrypted messages in a format that is more widely supported. "

I couldn't find this reported anywhere in these forums. Is there a solution being worked on to address this issue? Or has anyone found a workaround? We are stuck with using the Outlook app until the Thunderbird app supports S/MIME.

I've encountered an issue specifically with OpenPGP encrypted emails in the latest version of Thunderbird, 140.0.1.

When I receive an email that is encrypted with OpenPGP, the notification bar that allows me to "Load Remote Content" does not appear. This behavior is exclusive to encrypted emails; the option shows up normally for all other, non-encrypted messages.

As a troubleshooting step, I tried to enable the "Allow remote content in messages" option. However, this setting does not seem to affect the encrypted emails at all, and their remote content remains blocked and hidden.

So, I'd like to know if this is an intentional security policy in Thunderbird, or if it's a bug. Is there any way to solve it?

I am getting this message when I try to send email. All of my settings are correct. 'Sending of the message failed. Unable to communicate securely with peer: requested domain name does not match the server’s certificate.

I am using Firefox version 140.4.0esr (64bit) Only on Firefox: when trying to connect with Pirates' web page, I have a block which reads:

Security Connection Failed - no common encription algorithems      Error Code: ssl_error_no_cypher overlap

To The Official Site of The Pittsburgh Pirates/pirates.com:Homepage

I have tried to contact them with no luck.

Can you help?

Thanks,

David Martin ([edited email from public community support forum])

On Monday, 17 November 2025 the Security Certificate expired and I stopped receiving emails both on my computer and Andriod Device. As a result I am not receiving any emails through Thunderbird, but I can go to email host site to view them.

I logged in my computer tonight and clicked here and clicked there and the error message: "The certificate for mail.homebizmall.net is not valid for that server. Someone could be trying to impersonate the server. Create an exception but this could mean that someone has stolen your certificate and may be able to impersonate you."

So it seems the POP server and the SMTP server certificates were only valid for 3 months and I was FORCED to create the exception for both servers. Now I am worried the security has been breached.

By clicking here and clicking there, I stumbled on a few people who seem to have this problem, but each with their own limitations. My operating System is Windows 10 without the option to upgrade. I have not extended the security updates because I don't understand if it is just the operating system uploading to the cloud or everything on my computer and I am not prepared to do the latter.

Is it safe to leave the band aid on that I have used for the moment? Can I create an exception for the phone? Or is there a glitch that someone needs to walk me through fixing?

Thanking you in advance

Clinton