Bypassing SSL errors in Thunderbird 2.x

20 Feb

I use Thunderbird 2.x to check my office mail at home, and one of the so-called security improvements is that it is much more strict about SSL errors than Thunderbird 1.x or Outlook. That is to say, if it hits an SSL error, it just won’t connect. At all.
Over this past weekend, an update to our mail server clobbered the SSL certs, making them invalid. Encryption works as normal, but the certificate is not valid. So Thunderbird stopped working. That’s all well and good guys, but I still need my email.
I found out that you can set up exceptions by going to:
Tools | Options | Advanced | Certificates | View Certificates | Servers | Add Exception
(yeah, that’s easy to find)
Once there you have to enter the path to the mail server. Except that it only takes https:// addresses (as far as I could tell), and the exceptions are made on a port-by-port basis, so you can’t actually make an IMAP exception this way. But that’s ok, we’ll figure it out. Go ahead and make an exception for the https:// address (assuming your mail server has webmail and that it is using the same certificate).

Now here’s the trick, click ok to the 50 dialog boxes you opened up to get to this point, and close out of Thunderbird. Go to your Thunderbird profile, on windows that would be %appdata%\Thunderbird\profiles\[some random characters].default
Locate the file cert_override.txt and open it in a file editor that understands linux style linebreaks (i.e. not notepad; wordpad is a worthy consideration).
Ignore this line:

# This is a generated file! Do not edit.

The next line down should be your mail server followed by a bunch of certificate information. It should start like this:
You need to change the 443 to the port your mail server uses, in my case, 993. If you want it to work for 443 and 993, just duplicate the line, leave the old one at 443 and make the new one 993.

Save the file and start Thunderbird. Voila!


Leave a Reply


  1. Andrew

    February 20, 2008 at 9:09 am

    I just switched to outlook — luckily mozilla is finally putting more resources into thunderbird so it can finally compete with a full-fledged email client along the likes of outlook and the apple suite

  2. Jay

    February 24, 2008 at 3:44 am

    I’m sad to say that in general Outlook does work better in a lot of ways, but Thunderbird is making significant progress and you really can’t beat the availability of extensions.

    My favorite email client of all time is actually Eudora, but Qualcomm has stopped any further development on Eudora as a commercial product. Fortunately they are contributing resources to Thunderbird to make an open source version called Eudora 8, which is mostly Thunderbird with a Eudora look and feel. Hopefully as time goes on they will implement more of the cool Eudora features and I will have the best of both worlds.

    For now I am happy to have the ability to ALT-Click on a sender or subject and have all messages matching that grouped together. That means if I don’t feel like searching but I need to find a specific message from you, I can scroll until I see your name, ALT-Click on your name to have all your messages grouped together, then I can look for the subject of the particular email, and ALT-Click on that to have the entire thread grouped together. Pretty hott.

    It’s also nice to be able to integrate calendar functionality with mail (using the lightning extension), something Eudora has never been able to do.

  3. Trevor

    March 9, 2008 at 3:36 pm

    Thanks for this post! I struggled with this exact problem all morning!

  4. [SOLVED] Bypassing SSL errors in Thunderbird « RussenReaktor’s Weblog

    January 19, 2010 at 4:38 am

    […] via¬†Bypassing SSL errors in Thunderbird 2.x on Jay Paroline – Grooveshark Dev. […]