搜索 | 用户支持

防范以用户支持为名的诈骗。我们绝对不会要求您拨打电话或发送短信,及提供任何个人信息。请使用“举报滥用”选项报告涉及违规的行为。

详细了解

thunderbird trying to override ssl certificate

  • 4 个回答
  • 19 人有此问题
  • 10 次查看
  • 最后回复者为 christ1

more options

When I try to send a email I get a error message, "Sending of message failed. The message could not be sent using SMTP server smtpout.secureserver.net for an unknown reason. Please verify that your SMTP server settings are correct and try again, or contact your network administrator." Then another window pops asking to override my SSL certificate. I am using Godaddy for email hosting and they are saying it might be a security flaw within Thunderbird. It is trying to override my godaddy SSL cert with a cert with the following info.


Issued To

Common Name (CN): Server ] Organization (O):Sample, Inc.

Organization Unit (OU):IT Team

Serial Number:02


Issued By

Common Name (CN):CA

Organization (O):Sample, Inc.

Organization Unit (OU):IT Team


Validity

Issued on:11/18/2010

Expires On:11/15/2020


Fingerprints

SHA1 Fingerprint:12:52:B4:38:8C:74:A2:F1:13:1F:F3:46:EF:75:CE:9A:02:E9:28:91

MD5 Fingerprint:FA:A3:01:DD:E5:5D:20:60:F7:6C:24:DA:93:14:7F:30


I don't want to override my SSL cert and every email I try to send it wants me to. Is there a virus on my computer or am I being hacked or am I over reacting and should just accept it?

When I try to send a email I get a error message, "Sending of message failed. The message could not be sent using SMTP server smtpout.secureserver.net for an unknown reason. Please verify that your SMTP server settings are correct and try again, or contact your network administrator." Then another window pops asking to override my SSL certificate. I am using Godaddy for email hosting and they are saying it might be a security flaw within Thunderbird. It is trying to override my godaddy SSL cert with a cert with the following info. Issued To Common Name (CN): Server ] Organization (O):Sample, Inc. Organization Unit (OU):IT Team Serial Number:02 Issued By Common Name (CN):CA Organization (O):Sample, Inc. Organization Unit (OU):IT Team Validity Issued on:11/18/2010 Expires On:11/15/2020 Fingerprints SHA1 Fingerprint:12:52:B4:38:8C:74:A2:F1:13:1F:F3:46:EF:75:CE:9A:02:E9:28:91 MD5 Fingerprint:FA:A3:01:DD:E5:5D:20:60:F7:6C:24:DA:93:14:7F:30 I don't want to override my SSL cert and every email I try to send it wants me to. Is there a virus on my computer or am I being hacked or am I over reacting and should just accept it?

由cajohnson002于修改

所有回复 (4)

more options

It does seem very suspicious if the Issuer ("Issued by") is "Sample, Inc."

Have you always had this problem with Thunderbird or it is a new issue that started recently?

For suggested malware scanning tools, see this article: Troubleshoot Firefox issues caused by malware.

more options

I've been having the same problem intermittently, for maybe a few weeks. The certificate is clearly self-signed, probably being served by just one of the SMTP pool servers behind the smtpout.secureserver.net VIP (or possibly on the load-balancer itself, if it's terminating the SSL). I've uploaded a screenshot, which appears to be identical to the one described above, as well as another screenshot of a valid GoDaddy SMTP certificate.

Unfortunately, I can't get GoDaddy support to consider this possibility, as they've responded that their servers aren't misconfigured, and that it's "being caused locally by the time and date on [my] computer." Apparently my time/date configuration, which is synchronized via NTP, is somehow causing a certificate to appear from the "IT Team" at "Sample, Inc." Right.

The other possibility I might be willing to consider is a man-in-the-middle attack from malware or a malicious actor at the ISP. The fact that the OP on this thread is having the same problem, and is getting the exact same certificate, makes the ISP theory pretty unlikely. I'm also experiencing this problem from both a Mac and a Windows box, so the malware option is unlikely as well.

I will post an update if I get a resolution through GoDaddy or other means.

由dafx于修改

more options

dafx, where have I suggested to accept a suspicious certificate?

Please read the article before making such claims.