SSL Security Error: Difference between revisions

From MozillaZine Knowledge Base
Jump to navigationJump to search
(Added other security errors section.)
Line 6: Line 6:


In both cases, you should make a judgment as to whether you still want to trust the server for what you want to use it for. For example, it may not be a good idea to send your credit card information to a site with either of these problems, but it may be acceptable for posting on a forum. If you trust the server, you can can get rid of the alert by installing the Remember Mismatched Domains extension for [https://addons.mozilla.org/firefox/2131/ Firefox], [https://addons.mozilla.org/en-US/thunderbird/addon/2131 Thunderbird 2.x], or [https://addons.mozilla.org/en-US/seamonkey/addon/2131 SeaMonkey]. It adds a "Don’t warn me again about this certificate for this domain" checkbox to the Domain Name Mismatch and Server Certificate Expired warning windows. Thunderbird 3 supports adding a security exception.
In both cases, you should make a judgment as to whether you still want to trust the server for what you want to use it for. For example, it may not be a good idea to send your credit card information to a site with either of these problems, but it may be acceptable for posting on a forum. If you trust the server, you can can get rid of the alert by installing the Remember Mismatched Domains extension for [https://addons.mozilla.org/firefox/2131/ Firefox], [https://addons.mozilla.org/en-US/thunderbird/addon/2131 Thunderbird 2.x], or [https://addons.mozilla.org/en-US/seamonkey/addon/2131 SeaMonkey]. It adds a "Don’t warn me again about this certificate for this domain" checkbox to the Domain Name Mismatch and Server Certificate Expired warning windows. Thunderbird 3 supports adding a security exception.
==Other security errors==
If you get an error message about the certificate being revoked (sec_error_revoked_certificate) that means that its invalid and should not be used.
Older versions of Thunderbird never checked whether the certificate was revoked. However, Thunderbird 3.1.2 and later do, so you may find when you upgraded all of a sudden your secure connection failed. You can disable checking whether its revoked by setting '''security.OCSP.enabled''' to '''0''' using the [[Modify_Thunderbird_settings | Config editor]]. It typically defaults to 1.
Since its your email provider that marked it as invalid, yet they're still using it, contact them and find out whats going on.


==Related bugs==
==Related bugs==

Revision as of 08:04, 8 September 2010

This article applies to Firefox, Thunderbird, Mozilla Suite and SeaMonkey.

"Security Error: Domain Name Mismatch" occurs if you make a secure connection to a server whose domain does not match the domain name in the certificate it uses. This is to inform you that the site you are trying to connect to may not be the site you wanted. It may also occur when a site changes their domain name but doesn't buy a certificate for the new domain.

"Security Error: Server Certificate Expired" occurs if the site's certificate expiry date is later than your system date. This may be caused by your system having the incorrect time, or by the certificate genuinely being expired.

In both cases, you should make a judgment as to whether you still want to trust the server for what you want to use it for. For example, it may not be a good idea to send your credit card information to a site with either of these problems, but it may be acceptable for posting on a forum. If you trust the server, you can can get rid of the alert by installing the Remember Mismatched Domains extension for Firefox, Thunderbird 2.x, or SeaMonkey. It adds a "Don’t warn me again about this certificate for this domain" checkbox to the Domain Name Mismatch and Server Certificate Expired warning windows. Thunderbird 3 supports adding a security exception.

Other security errors

If you get an error message about the certificate being revoked (sec_error_revoked_certificate) that means that its invalid and should not be used.

Older versions of Thunderbird never checked whether the certificate was revoked. However, Thunderbird 3.1.2 and later do, so you may find when you upgraded all of a sudden your secure connection failed. You can disable checking whether its revoked by setting security.OCSP.enabled to 0 using the Config editor. It typically defaults to 1.

Since its your email provider that marked it as invalid, yet they're still using it, contact them and find out whats going on.

Related bugs