The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Thunderbird Email Client - Certificate can not be validated

Discussion in 'E-mail Discussions' started by Canon_Man, Mar 23, 2011.

  1. Canon_Man

    Canon_Man Registered

    Joined:
    Mar 23, 2011
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    Twice now I have had the Thunderbird client complain that the certificate for the cPanel web mail server is not valid or cannot be validated when logging on to the server with my client software for the first time. The second occurrence was when I moved the email profile to a new laptop computer from my desktop. Each time, the user has the option to override the certificate and continue to log on.

    I know that web sites can be registered with Mozilla so that it creates a list of recognized server hosts. Is this a problem with the server, or with the way Thunderbird views the web host?
     
  2. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    The host is likely using a self-signed certificate, which will not be in the list of recognized SSL providers. You would need to contact your hosting provider where you purchase the site and discuss the issue with them either way.
     
  3. Canon_Man

    Canon_Man Registered

    Joined:
    Mar 23, 2011
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    Thanks for the reply.

    This is beginning to get really weird. I have email accounts on Gmail, AOL and a named server that uses cPanel for its web front end.

    The web hosting provider just moved the named server services to a new host about a week ago. Once this happened, I ran into the same issues that I had originally with certificate authority.

    To explain, when I first attempted to access the named email server through FireFox, I got a warning message that the Certificate was not valid for the named server I was attempting to access. The same thing happened to my Thunderbird email client the first time I attempted to access the named server to receive mail and then to send mail through the named server. I did an override to get the browser and email client to work.

    One of the people I deal with frequently has an AOL account, that as of a week or so ago, I can no longer send mail to through this named server. I've even tried sending myself the same email through the named server, but the message never arrives. The message, like all messages sent in this way get stuck in a mail queue trying to go to AOL and the server finally gives up and returns the message.

    I've spoken to the web host people, but I am beginning to think this is beyond their scope of understanding.

    Is AOL tightening its security to refuse mail that does not have a known CA?

    Please advise.
     
  4. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    You would need to contact AOL to see why they are refusing the messages, but mail servers receiving an email do not check whether it was sent using SSL or non-SSL for the transport type. They wouldn't have any way to check for a self-signed versus a signed certificate, since they would know that self-signed certificates are as secure and valid as purchased certificates for authenticating.

    The likely reason they aren't accepting the messages is that the new IP for this machine is either blacklisted, doesn't have SPF/DomainKeys/DKIM, or doesn't have a valid PTR record versus mailhelo response (where the IP and the mailhelo match). If you provide the IP for us to see what it happens to be, the IP could be checked for blacklisting or PTR records.
     
  5. Canon_Man

    Canon_Man Registered

    Joined:
    Mar 23, 2011
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    Thanks for the reply.

    I too was thinking that the mail might be blocked at a much different level than simply SPAM filter level; that it could be a physical level like an IP address.

    Have forwarded this belief on to our web host, but knowing that blacklists are not easy to get off, it may not be easy to fix.

    Thanks for the follow-up nonetheless.
     
  6. Canon_Man

    Canon_Man Registered

    Joined:
    Mar 23, 2011
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    Turns out the mail issues with AOL had nothing to do with certificates as cPanelTristan pointed out.

    (BTW, the credit for this all goes to cPanelTristan) Thank You!

    Web hosting is updating rDNS address and settings at present. Will know it it worked in a bit.

    Think the mail server is on the way to recovery.

    "I love it when a plan comes together!" - Hannibal Smith - The A-team
     
    #6 Canon_Man, Jun 24, 2011
    Last edited: Jun 24, 2011
Loading...

Share This Page