
Friday, August 21, 2009

Mozilla Thunderbird "Domain Name Mismatch": Explanation and Work-Around

Today, when I first checked the computer, a popup window informed me that the latest update, version 2.0.0.23, of the Mozilla Thunderbird mail client program had been downloaded and was ready to install. As this was a security update, I went ahead with the installation immediately. After I restarted Thunderbird, it immediately popped up the following dialogue:

[Image: tbird_cert.png]

and to my dismay popped it up every time it contacted my in-house, behind the firewall, mail server, either manually or automatically. What appears to have happened is that this security update, which is being deployed across all Mozilla Foundation products, has changed the rules for security certificates generated with wildcards. While a certificate generated for “*.fourmilab.ch” would previously be accepted for a machine with a name such as “ceres.lan.fourmilab.ch” (the mail server), now the warning pops up on every such connection. This is going to strike lots of people who use a common site-wide certificate across all the machines in a server farm, or use a single server to host sites in several different domains.
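The difference between the two matching rules, as an added example that is not code from the original post or from Mozilla. `lenient_match` models the earlier behaviour described above by assuming shell-style matching, and `strict_match` assumes the RFC 2818 rule that `*` stands for exactly one leftmost label; the function names and the hostname `host1.fourmilab.ch` are constructed for illustration.

```python
"""Added example: wildcard certificate name matching, lenient vs. strict."""
import fnmatch


def _labels(name: str) -> list[str]:
    # DNS names compare case-insensitively; ignore a trailing root dot.
    return name.lower().rstrip(".").split(".")


def lenient_match(pattern: str, host: str) -> bool:
    """Assumed old behaviour: shell-style, '*' may span several labels."""
    return fnmatch.fnmatchcase(".".join(_labels(host)), ".".join(_labels(pattern)))


def strict_match(pattern: str, host: str) -> bool:
    """RFC 2818 style: '*' is the whole leftmost label and matches one label."""
    p, h = _labels(pattern), _labels(host)
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        p, h = p[1:], h[1:]
    # Any '*' still present is a partial or non-leftmost wildcard: reject it.
    return all("*" not in label for label in p) and p == h


def names_to_request(hosts: list[str]) -> list[str]:
    """One-label wildcard names that cover every host under the strict rule."""
    return sorted({"*." + ".".join(_labels(h)[1:]) for h in hosts})


if __name__ == "__main__":
    cert_name = "*.fourmilab.ch"                 # certificate name from the post
    mail_host = "ceres.lan.fourmilab.ch"         # mail server name from the post
    for host in (mail_host, "host1.fourmilab.ch"):   # second host is constructed
        print(f"{host:26} lenient={lenient_match(cert_name, host)!s:5} "
              f"strict={strict_match(cert_name, host)}")
    print("names needed:", names_to_request([mail_host, "host1.fourmilab.ch"]))
```

Under the strict rule, a certificate carrying the names returned by `names_to_request` matches each host directly, so no stored mismatch exception is needed.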

Fortunately, there is a Thunderbird add-on, “Remember Mismatched Domains”, which adds a check box to the warning dialogue which allows accepting the “mismatch” and not warning further about that specific mismatch. This add-on has already been downloaded more than 125,000 times, and methinks it's about to become even more popular in the near future. Just download and install the add-on, accept the domain(s) which are generating the warning, and you're back in business.

Posted at August 21, 2009 19:54