Thunderbird keeps saying the Network Solutions email certificates are bad
TB 102.5.0 (64-bit) on Win10. I'm getting repeated notices that my e-mail accounts with Network Solutions don't have a proper "certificate" when I try to send an email. I get a popup window stating so, and asking me to "permanently" choose the exception. It doesn't matter how many times I tell the fool thing to accept the exception "permanently". I still keep getting the notice every few times. Since the glitch is not consistent, I don't have an image of one to put here. Not only that, I have to send the email twice after doing so. TB refuses to send the email the first time after choosing the exception, but allows it the second. I don't know anything about "certificates" and am sick of getting popup notices about them. I doubt that the problem is with Network Solutions email accounts. This reminds me of years ago, when I tried to upgrade to WinXP. It kept interrupting my work to give me popup security notices that I didn't understand and couldn't do anything about. If I remember correctly, I took it back to Sam's Club and replaced it with Win2000. Problem solved. Never mind that XP was supposed to be better. If it ain't broke, don't fix it.
All Replies (17)
I get a popup window stating so, and asking me to "permanently" choose the exception.
There is an error code in the exception window. What is the exact error code? A screenshot would help.
Sorry it took me so long to get back to this; I don't send a lot of mail and the errors do not appear consistently. Error code? Apparently - We doan need no stinking error code! Three of the images here show the results of trying to get mail. The fourth, trying to send mail. Note the "permanent exception" choice. It doesn't work. No matter how many times I check it and accept it, it keeps coming back - more times than Arnold Schwarzenegger as the Terminator.
And no - I don't think it's a Network Solutions problem. I've seen a lot more errors from TB.
You can say that Thunderbird is wrong to do that, but this will not make the problem go away. Unless you want to live in a computer wasteland, you have to live with the rules as they are set; there is not much left outside of Chrome and Firefox (Thunderbird is really Firefox) in the domain of browsers, and they are on the same line with this - as well as Microsoft, Apple, every Web company, everyone. They will not allow you to run Win2K and connect to the Internet they are ruling.
What's the problem? Suppose you are living in a corporate commune, let's call it ViceInc. ViceInc is leasing you long term a piece of land, and is providing you with some piece of paper proving that you are occupying the land lawfully as a citizen of ViceInc. You are free to do what you want, including setting up a signboard with 'Vatican City' on it, and so claim that you are the pope. When someone enters, you will ask them to properly kiss your boot. However, if this person is clever, they will ask you to prove that this land is really Vatican City. It's at this point that your game will be up, since all you will be able to produce is the certificate that this is really ViceInc territory.
That's about what is happening here. ViceInc is in this analogy hostingplatform.com, that is apparently a Web hoster belonging to Network Solutions. Someone has set up a mail server on their platform, and claimed it was mail.aquarien.com. However, when asked by Thunderbird, all that this mail server can show is a certificate belonging to hostingplatform.com. Theoretically, mail.aquarien.com could be legitimate and get a certificate for this name - in my analogy, the Vatican could really have leased a house for the Pope on ViceInc territory and got a certificate in its name (should I say its Name?). However, the person who set up this mail server has not bothered with that and uses the certificate for hostingplatform.com.
Hope it makes things clearer.
This is still an open question. Thank you, Vice Lord Machiavelli. My old Win2k computer is still in storage. You may not have noticed "TB 102.5.0 (64-bit) on Win10" in the first line of the original question. And if I'm not allowed to work in your world, why is the "certificate" not invalid every time, instead of every few times? I don't know about your world, but in Engineering we call that an intermittent fault. If I were still programming, and had a subroutine that did this, I'd figure I did something wrong and maybe scrap it and start over, not snot down and BS the user about how the world just doesn't work the way he wants. There is no good reason why every third or fourth time TB finds Network Solutions certificates to be faulty, and lets them pass every other time. Especially when TB did not find it so for years before, and just started doing that upon some recent faulty update. This wouldn't be the first bad update I've gotten from TB. Nor is there a good reason why, when one tells TB to "Permanently store this exception" TB does not do so and keeps raising the same issue over and over again. In the future Mr. gp, please keep your "help" to yourself.
This is still an open question. In the future Mr. gp, please keep your "help" to yourself.
Be assured that as far as you are concerned, I'll do that :-)
Perhaps I totally misunderstand this, but here goes.
I see a collection of certificate errors for a group of domains and a lot of talk about network solutions. What is missing and pertinent are the details shown when you click view certificate.
The "standard" issues with this are:
- Cheap hosting, or poor configurations which do not get certificates for the domains, so exceptions are occurring because the certificate being offered does not match the domain name used.
- Antivirus programs using self-signed certificates to create a man in the middle hacking environment so they can scan encrypted communications. Most of the popular kids in the security software field use this cheap and nasty approach.
I ran a test on mail.aquarian.com, with immuniWeb. The results are here: https://www.immuniweb.com/ssl/mail.aquarien.com/bGOOEJjO/ Basically, your server is offering the cheap and nasty generic solution, a certificate for (DNS:*.hostingplatform.com, DNS:hostingplatform.com). So without a doubt you can expect any software that is correctly looking at connection security to balk at simply accepting something that does not match as correct without requesting an override indicating you accept the risk of this non-standards-compliant arrangement. That should however not prevent permanent storage of the exception.
You might however want to consider that report in some depth, as you appear to be in business, you might have issues using that account for certain activities legally. Especially if you use credit card numbers in your business.
Now from the ports used it is obvious that encryption is being enforced even on ports where it is not expected (110), so the next question is: are you using SSL/TLS or StartTLS? I recall reading something about StartTLS having a vulnerability fixed and the fix having some unexpected consequences. So this is important in the process.
Then we have the issue of the validity of the certificate, which can only be considered in the context of what it actually says. If you have the man in the middle problem, then the certificates will be issued as self-signed by the antivirus vendor, despite valid ones arriving from the internet. So please check.
BTW, some of the common causes of these sorts of intermittent problems come from the following:
- VPNs: they are not all created equal and some simply do not support email. If you use one, turn it off and see if things improve.
- Wifi networks, coffee shops, etc. Depending on the access allowed, again the mail ports might be compromised, or your other software may be protecting you from the network for some reason.
- EMail scanning. It is mostly useless and not at all helpful in making communications simple and just work. They concentrate on web ports and protocols and often cause issues with mail.
- Bad servers in big clusters. Another one of those things. When we get routed via DNS to an IP address, that is frequently no longer an individual server, but a cluster. 99 of the servers in the cluster got an update, but for some reason one missed out and you randomly get an error. These are very hard to troubleshoot unless you work in the network administration of the cluster.
I suggest for now, you upload one of the certificate details from the view button. If that shows nothing obvious, then the next step is to log the connection and see what is happening lower down. These logs get huge fast. So I am reluctant to even suggest them to most folk. This issue is exacerbated when the issue is intermittent and the error log window gets messy fast. But try this https://wiki.mozilla.org/MailNews:Logging#Main_module_options_within_MailNews
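The name mismatch described in the replies above, as an added example that is not part of any post in this thread: a small hostname matcher in the style of RFC 6125, run against the two certificate names quoted from the ImmuniWeb result. The function names and the extra test hostnames are constructed for illustration, and this is not Thunderbird's own code.

```python
# Added example: does a certificate's SAN list cover the server name the
# mail client was configured with? SAN_FROM_REPORT is the list quoted in
# the thread; every other hostname below is a constructed test input.

SAN_FROM_REPORT = ["*.hostingplatform.com", "hostingplatform.com"]


def _labels(name: str) -> list[str]:
    # DNS names compare case-insensitively; drop a trailing root dot.
    return name.rstrip(".").lower().split(".")


def san_matches(hostname: str, pattern: str) -> bool:
    host, pat = _labels(hostname), _labels(pattern)
    if len(host) != len(pat):
        return False  # a wildcard never spans more than one label
    if pat[0] == "*":
        # Wildcard accepted only as the whole left-most label, and only
        # when at least two further labels follow it.
        return len(pat) >= 3 and host[1:] == pat[1:]
    return host == pat


def check_host(hostname: str, sans: list[str]) -> dict:
    matched = [p for p in sans if san_matches(hostname, p)]
    return {
        "hostname": hostname,
        "valid_for_host": bool(matched),
        "matched_by": matched,
        "reason": "ok" if matched else
                  f"certificate names {sans} do not cover {hostname}",
    }


if __name__ == "__main__":
    for h in ("mail.aquarien.com", "MAIL.HostingPlatform.com",
              "hostingplatform.com", "a.b.hostingplatform.com"):
        r = check_host(h, SAN_FROM_REPORT)
        print(f"{h:28} -> {r['reason']}")
```

A client configured with a server name under hostingplatform.com would pass this check, while one configured with mail.aquarien.com cannot, whatever the certificate's issuer or expiry date.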
This issue is not resolved. Nothing is true just because someone on the net says so. It still remains that no matter how many times I tell TB to "Permanently store this exception", it keeps raising the issue. I tend not to believe in a program that can't keep its word. I have to admit that I made a mistake. When I said that my email had been working for years before, I forgot that I recently moved some of my accounts (tulsasoundguitars.com & android-originals.com) from Wild West Domains Inc (soonerdomains.com) to Network Solutions, because WWD has scrapped its old email service and shifted to MS Outlook, which I don't care to deal with. Dealing with Win10 is bad enough. But I didn't switch all of them. The aquarien.com email account has always been with Network Solutions, and has worked for decades, starting from about 1998 or so, first using other mail programs. I forget when I started using TB, but see that some of my emails go back to 2004. Prior to some recent TB update, my password security on most if not all accounts was set to an insecurely transmitted password. Then that stopped working; TB made the objections. I had to experiment with different encryption settings to send and receive emails. On at least one account, I couldn't use the same encryption for sending and receiving. I have been working on computers since about 1962. TB is simply not as reliable as it used to be. To repeat a previous complaint - one update left me with a blank lower right pane where the message appears when selected in the pane above it. I had to uninstall TB and reinstall a previous version just to see my emails. I tend not to believe in a program that doesn't even fulfill basic functions after an update. Badmouthing Network Solutions, one of the oldest and most evolved of hosting services, does not make TB perfect. When everything else is working with Network Solutions, and only email is failing, as it has failed before, that doesn't make NS "cheap".
The resolution of this problem:
If Thunderbird would keep its word, "Permanently store this exception", and stop raising the issue.
All of the carping, BS, and blaming myself and Network Solutions because TB can't keep its word does not reflect well on those who raise so much blather in defending it. How many TB users can even follow such arguments? Because of age and medications, I stopped programming over a decade ago. But that doesn't mean that I have to believe any of the BS thrown at me.
Just fix it already.
No matter how many times I tell Thunderbird to "Permanently store this exception", it keeps raising it. I don't care who thinks their certificates are "cheap". If someone at Mozilla is doing this because he or she has a problem with Network Solutions, it's unprofessional to take it out on NS customers.
Where is the certificate you are getting when you click view?
Is the certificate you get the same as the test showed? Or is it something else again?
I have no idea. I can not click the view button for you and you have not provided the information.
I told you what I had found out. It is neither complete nor necessarily correct but in the absence of real information from you, I did my best. Instead you want to shoot the messenger. Consider me shot.
If I remember correctly, I've had an account with Network Solutions for over 20 years, and have had little problem with it. Here, someone I don't know and never heard of: 1) refuses to address the inconsistency Thunderbird shows in either accepting or rejecting certificates (about which I know nothing and care a bit less); 2) badmouths Network Solutions, calling their certificates "cheap"; 3) tells me that password security and anti-virus software are problems, when AVG has trapped dozens of email viruses for me; and 4) gives me a bunch of hoops to jump through.
Golly gee, Mr. Wizard, where do I have any obligation to trust this guy's motives?
This problem is still not resolved. When I check the box for "Permanently store this exception", TB damn well ought to do it, and do it consistently, regardless of any bug anyone has up his nether end about NS certificates being "cheap".
It's still unprofessional for anyone at Mozilla to take out any dispute with NS over certificates on TB users who also happen to be NS customers. And if it was done deliberately in programming TB, by those who may feel themselves self-entitled to impose sanctions on the rest of us for their definitions of heresy, then it's also unethical and damned.
Can you hear me now?
Again, Thunderbird is unable or unwilling to "Permanently store this exception"
Or is it just plain unethical in foisting its arguments with other net entities off on its users?
Taking hostages is not cool
Take a good look at the first reply in the images below. No user with a problem wants to hear from a snarky jerk. Nor is it ethical to make users repeatedly address bogus "errors" created by programmers in the service of their personal politics. As someone who started writing programs in 1962 and progressed to the Ph.D. level in numerical methods, I say that there is no mystery here. This alleged "certificate" error keeps getting raised because someone programmed it that way. And when one "confirms" this "security exception" and clicks to "Permanently store this exception", it fails after working one or two or three times precisely because some snarky jerk with a personal problem about it programmed it to fail.
That is one sorry excuse for a human being.
If you want support, I am offering.
If you want to take your bat and ball and go somewhere else to do your mail support that is also fine with me. It is not as if I or anyone else get paid on this forum to answer questions and try and help their peers. But you don't get to make the rules and posting the same duplicate information in new topics going forward is against the rules. I will simply delete them going forward.
There is no answer for your topic as it stands because you have simply not provided sufficient information to make an informed response as to exactly why it happens. Until you accept that to be the case, and offer information when it is requested nothing but guesses and conjecture can occur. Call me whatever you like, but the failure to provide sufficient information only has one source.
One "reason" saving fails is the certificates where the case used for the server name are not the same as reported in the TLS connection. In this case I have no idea if it applies because you have refused to supply the information to determine if that is the case.
Thunderbird and even Firefox bombard me (today's Mozilla-bombs below) with security notices abusing the credibility of Network Solutions web sites. It's unethical, abusive and offensive, especially when Mozilla "offers" to "Permanently store this exception" and then refuses to do it. First, no one, including me, needs to know anything about the certificates (presumably provided to me by NS) to store and keep the exceptions for them. Second, I don't know you or your motivations; why should I trust you with my certificates? The reply from Contributor gb above makes the problem abundantly clear. Mozilla, and apparently its Community, has some kind of snit going with Network Solutions, and is abusing my email accounts with repeated bogus error messages to make the point, demanding that I spend a lot of time hunting snipes that I don't give a damn about. Grow up. Stop holding users hostage to your picayune programming politics.
Mozilla Thunderbird is still abusing users instead of having the courtesy and professionalism to deal directly with Network Solutions to resolve certificate issues. There is no moral excuse for Thunderbird to refuse to "Permanently store this exception", no matter how many times the box is checked. Nor is there any moral excuse for demanding that users solve Mozilla political issues by offering up their private information.