As one who raised this issue a while back, I'd like to report back.
Basic problem: Recent versions of SeaMonkey don't let you accept a
self-signed IMAP server certificate (the view certificate and accept
exception buttons are greyed out). (Bugs 1122239, reported 1/15, and
1117133 <https://bugzilla.mozilla.org/show_bug.cgi?id=1117133>, reported
1/2 by me.) Still marked as "unconfirmed" and unassigned.
As far as I can tell, this stems from a bug in the underlying
Firefox/Thunderbird certificate manager - fixed for Thunderbird, but not
carried into SeaMonkey.
Kind of a pain in that this is the season when certificates expire and
have to be renewed.
Found some workarounds:
- temporary: keep using the previous certificate until it expires, hope
the bug gets fixed (what I did until today, but the clock was running out)
- use Thunderbird or another mail client (what it was looking like I was
getting forced into)
- if you can, become a certificate authority, sign your cert, install
the associated root certificate into SeaMonkey
Since we run an internal mail server, and generate our own keys - the
last option is available to us. It took a couple of days to wade
through the openssl documentation and various how-tos - but managed to
get everything to work.
In the interests of helping anybody else who finds themselves in this
situation:
- make sure to copy your current cert to .old, before starting to play
-- getting everything to work is tricky, you may end up needing to
revert, to keep reading mail
- There's a really good guide to setting up the CA (Certification
Authority) functions of openssl, generating root certificates, and then
signing device certificates with them
- one particular gotcha to watch out for, if you run UW-IMAPD: it stores
its server-side private key and certificate in the same file - so you
have to:
--- generate a key-pair
--- generate a CSR (certificate signing request)
--- sign the CSR to generate certificate
--- then combine the private key and signed certificate into one file
for use by imapd (take a look at your current working key, if you still
have it)
- there's a really good how-to at
http://gagravarr.org/writing/openssl-certs/ -- it's where I found out
about how to set up keying for uw-imapd - none of the other how-tos that
I found mention that little nit.
- one other thing - not sure if it's related or not (it uses separate
keying and certificate) - but right after restarting the imap server,
our postfix install stopped delivering mail - it just accumulated in the
queue - stopping and restarting it, and doing the same to the antispam
daemon, solved the problem - but figured I'd mention it as something to
keep an eye out for
Miles Fidelman
--
In theory, there is no difference between theory and practice.
In practice, there is. .... Yogi Berra
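
The four steps listed in the message above (key pair, CSR, signing, combining key and certificate into one file), as an added shell example that is not part of the original post. The host name, CA name, file names and lifetimes are constructed placeholders, and the key-then-certificate order in `imapd.pem` is an assumption to compare against an existing working file.

```shell
#!/bin/sh
# Added example, not from the original post. Host name, CA name, file names
# and lifetimes are constructed placeholders.
set -eu

make_imapd_pem() {   # usage: make_imapd_pem <workdir> <server-hostname>
    dir=$1 host=$2
    mkdir -p "$dir"
    (
        cd "$dir"
        umask 077    # private keys must never be group/world readable
        # Minimal config so the run does not depend on a system openssl.cnf.
        printf '%s\n' '[req]' 'distinguished_name=dn' 'prompt=no' \
            'x509_extensions=v3_ca' '[dn]' 'CN=Example Internal Root CA' \
            '[v3_ca]' 'basicConstraints=critical,CA:TRUE' \
            'keyUsage=critical,keyCertSign,cRLSign' > ca.cnf
        # Root CA: key plus self-signed certificate. ca.crt is what gets
        # imported into the mail client; ca.key stays offline.
        openssl req -x509 -new -newkey rsa:2048 -nodes -sha256 -days 3650 \
            -config ca.cnf -keyout ca.key -out ca.crt
        # Server key pair and CSR (-subj overrides the CN in ca.cnf).
        openssl req -new -newkey rsa:2048 -nodes -sha256 -config ca.cnf \
            -subj "/CN=$host" -keyout server.key -out server.csr
        # Sign the CSR with the CA, marking the result as a non-CA server cert.
        printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:%s\n' "$host" > server.ext
        openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key \
            -CAcreateserial -sha256 -days 365 -extfile server.ext -out server.crt
        # Combine private key and signed certificate into the single file.
        cat server.key server.crt > imapd.pem
    )
}

check_imapd_pem() {  # usage: check_imapd_pem <workdir>; returns 0 if usable
    pem=$1/imapd.pem
    # The certificate in the combined file must chain to our root ...
    openssl x509 -in "$pem" | openssl verify -CAfile "$1/ca.crt" >/dev/null || return 1
    # ... and must carry the public half of the private key stored beside it.
    k=$(openssl pkey -in "$pem" -pubout | openssl sha256)
    c=$(openssl x509 -in "$pem" -noout -pubkey | openssl sha256)
    [ "$k" = "$c" ]
}

# Demo run in a scratch directory with a constructed host name.
demo=$(mktemp -d)
make_imapd_pem "$demo" mail.example.internal
check_imapd_pem "$demo" && echo "combined file verified: $demo/imapd.pem"
```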