The Linux Page

The certificate is not trusted because it is self signed.

Connection problem with Shredder

Today I got a little surprised by Shredder (the base used to build Thunderbird.)

Somehow, the certificates for my mail server had reached maturation (i.e. it was showing an end date as of today.)

On each connection to the server I would get the following error:

<name>: uses an invalid security certificate
The certificate is not trusted because it is self signed.
(Error code: sec_error_ca_cert_invalid)

Interestingly enough, I search on this error and mainly found things about FireFox and SeaMonkey instead of Thunderbird (and nothing about Shredder... well, one bug report from 2008 which did not help.)

I'm not too sure what did really happen, but when I tried to follow some of the instructions found on those websites it didn't help. The two things I've found were:

1) Change the settings of security.default_personal_cert to "Select Automatically". The default is "Ask Every Time".

The flags are under: Edit » Preferences » Advanced » General » Config Editor ...

If I understand correctly, this is whether the tool should request the server certificate each time it connects or just once in a while as required.

2) Accept the certificate as a known trusted certificate. This option is used to provide Shredder with a copy of the certificate causing problems.

This is found under: Edit » Preferences » Advanced » Certificates » View Certificates » Servers » Add Exceptions ...

Here you are given the opportunity to enter you mail server information. The program will then go get the info and save it as an exception.

Wrong!

In my case that didn't work. Our main server uses a wildcard certificate: *.m2osw.com which manes that all sub-domains are covered by that certificate, including mail.m2osw.com... and somehow Shredder wanted to use that certificate instead of the self signed TLS certificate. In other words, I could not add the exception I was expecting to add.

Fixing This Problem...

The fix was to run Thunderbird and refresh said certificate with Thunderbird. Then I could come back in Shredder and everything was working like charm.

I guess Thunderbird, by accepting self signed certificates on the fly, gives you the chance the add the exception properly, whereas Shredder doesn't.

Happy emailing.