Thunderbird and system-wide certificate authorities

I need to install a CA for a mail server that works for Thunderbird (technically icedove) and other mail clients.
Other mail clients are easy, I just take the following step:
cp ca.crt /usr/share/ca-certificates/trust-source/anchors
sudo update-ca-trust extract
And anything that uses my system CA will trust the server.
But Thunderbird only works if the following two conditions are met:
- The cert is installed in my Thunderbird profile with the following command: certutil -A -n my-ca-nickname -t "C,," -i ca.crt -d ~/.thunderbird/*.profile
- The cert has not been installed system-wide using the update-ca-trust method
Why won't Thunderbird play nice? Why doesn't a system-wide CA install work with Thunderbird? And why does a system-wide CA actually block the profile-specific CA installation from working?
(Note: when I do a profile-specific installation, the CA shows up in the "manage certificates" window as a "Software Security Device", but when I do a system-wide installation the CA shows up as a "Builtin Object Token" and I don't understand the difference)
I am using Parabola Linux (derived from Archlinux) and Icedove version 52.5.0
certificates thunderbird
asked Dec 22 '17 at 15:48
rexroni
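A check on the profile-side step in the question, as an added example that is not part of the original post: it reads `certutil -L` output and reports whether a nickname carries the `C` flag (trusted CA for server certificates) in the SSL field, which is what `-t "C,,"` sets. The listing is constructed sample data and the function names are made up for this example.

```shell
#!/bin/sh
# Added example: inspect NSS trust flags in `certutil -L` output.
# Real use: certutil -L -d <profile-dir> | is_trusted_server_ca my-ca-nickname

# Constructed sample listing (not captured from a real profile).
SAMPLE_LISTING='
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

my-ca-nickname                                               C,,
Example Mail Signing CA                                      ,C,
Example Untrusted Root                                       c,,
'

# Print the "SSL,S/MIME,code-signing" flags for one nickname; exit 1 if absent.
# A data row is any line whose last column is three comma-separated flag sets.
trust_fields() {
    awk -v nick="$1" '
        NF >= 2 && $NF ~ /^[pPcCTuw]*,[pPcCTuw]*,[pPcCTuw]*$/ {
            name = $0; sub(/ +[^ ]+ *$/, "", name)   # strip the flags column
            if (name == nick) { print $NF; found = 1 }
        }
        END { exit (found ? 0 : 1) }'
}

# 0: SSL field contains C (trusted CA for server certs)
# 1: present but not trusted for server certs   2: nickname not in the listing
is_trusted_server_ca() {
    fields=$(trust_fields "$1") || return 2
    ssl=${fields%%,*}                 # first field = SSL trust flags
    case "$ssl" in *C*) return 0 ;; *) return 1 ;; esac
}

# List every nickname in the listing that is a trusted CA for server certs.
server_cas() {
    awk '
        NF >= 2 && $NF ~ /^[pPcCTuw]*,[pPcCTuw]*,[pPcCTuw]*$/ {
            split($NF, f, ",")
            if (f[1] ~ /C/) { name = $0; sub(/ +[^ ]+ *$/, "", name); print name }
        }'
}

printf '%s\n' "$SAMPLE_LISTING" | server_cas
```

Lowercase `c` in the SSL field only marks the certificate as a valid CA, not a trusted one, so it is reported as untrusted here.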