« August 16, 2009 |
Main
| August 27, 2009 »
Friday, August 21, 2009
Mozilla Thunderbird "Domain Name Mismatch": Explanation and Work-Around
Today, when I first checked the computer, a popup window informed me that the latest update, version 2.0.0.23, of the
Mozilla Thunderbird mail client program had been downloaded and was ready to install. As this was a security update, I went ahead with the installation immediately. After restarting Thunderbird, it immediately popped up the following dialogue:
and to my dismay popped it up
every time it contacted my in-house, behind the firewall, mail server, either manually or automatically. What appears to have happened is that
this security update, which is being deployed across
all Mozilla Foundation products, has changed the rules for security certificates generated with wildcards. While a certificate generated for “*.fourmilab.ch” would previously be accepted for a machine with a name such as “ceres.lan.fourmilab.ch” (the mail server), now the warning pops up on every such connection. This is going to strike lots of people who use a common site-wide certificate across all the machines in a server farm, or use a single server to host sites in several different domains.
Fortunately, there is a Thunderbird add-on, “
Remember Mismatched Domains”, which adds a check box to the warning dialogue which allows accepting the “mismatch” and not warning further about that specific mismatch. This add-on has already been downloaded more than 125,000 times, and methinks it's about become even more popular in the near future. Just download and install the add-on, accept the domain(s) which are generating the warning, and you're back in business.
Posted at
19:54