MozillaZine

Unable to obtain identification status for this site

User Help for Mozilla Thunderbird
lister171254
 
Posts: 7
Joined: July 29th, 2004, 12:17 am

Post Posted June 30th, 2018, 2:12 am

I'm running Thunderbird V 52.8(64-bit) on the latest version of Ubuntu.
I'm trying to add an exception for a CA Cert generated certificate. I'm getting the error

Unable to obtain identification status for this site

Firefox has no issues with this certificate and the following coomand also seems to work


Code: Select all
openssl s_client -connect mysite.com:60200 -showcerts < /dev/null
CONNECTED(00000003)
depth=1 O = Root CA, OU = http://www.cacert.org, CN = CA Cert Signing Authority, emailAddress = support@cacert.org
verify return:1
depth=0 CN = www.mysite.com
verify return:1
---
Certificate chain
 0 s:/CN=www.mysite.com
   i:/O=Root CA/OU=http://www.cacert.org/CN=CA Cert Signing Authority/emailAddress=support@cacert.org
-----BEGIN CERTIFICATE-----
MIIFGDCCAwCgAwIBAgIDE20oMA0GCSqGSIb3DQEBDQUAMHkxEDAOBgNVBAoTB1Jv
b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ
Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y
dEBjYWNlcnQub3JnMB4XDTE4MDEzMDIyMzY0N1oXDTE4MDcyOTIyMzY0N1owHjEc
MBoGA1UEAxMTd3d3Lnp1ZGlld2llbmVyLmNvbTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKub78u8X2Al+R0QkTMWUt3i0D9xZrvG3ixYVlSdD2qOwx61
SWVYBmOwlT9CYsjHuM5zL3ibkNefBCEfEVvqvmAIpCs6VYru0ROI2xzq3RT+4DFU
dIb8YfZlEmOP6+kgNz+fnPKkLevO48h4ePEo8Kr1PD/8MQVw73+szwiHEl0D31mF
VG6trQdv0xi3mMBbzhmh871DiXvt0hQ+TJ3QUDweejCtY4oJRHxC4VX45aPSLheI
pz6us3wqB2sL515KlULKFRks4MateiTvvVnynHhFFWESTmhKvnQVP/LcH1pMCtWF
htR8zZCT4hpWVRABdBw5txkktWd4z6Etoa8KHFUCAwEAAaOCAQIwgf8wDAYDVR0T
AQH/BAIwADAOBgNVHQ8BAf8EBAMCA6gwNAYDVR0lBC0wKwYIKwYBBQUHAwIGCCsG
AQUFBwMBBglghkgBhvhCBAEGCisGAQQBgjcKAwMwMwYIKwYBBQUHAQEEJzAlMCMG
CCsGAQUFBzABhhdodHRwOi8vb2NzcC5jYWNlcnQub3JnLzAxBgNVHR8EKjAoMCag
JKAihiBodHRwOi8vY3JsLmNhY2VydC5vcmcvcmV2b2tlLmNybDBBBgNVHREEOjA4
ghN3d3cuenVkaWV3aWVuZXIuY29toCEGCCsGAQUFBwgFoBUME3d3dy56dWRpZXdp
ZW5lci5jb20wDQYJKoZIhvcNAQENBQADggIBACVZU2rXuGu2E8x2vQ8hr8P9UI6i
nl1Ws+Ml+c7UDRFwHJhFntMvuDcbdIig55EbTXXJDgAU575q+Ex/GH+72/C/UA9a
efdZU4q+T/6JLq/X0u+zmBQg62VG9WlHrrc/wg+9D5+S0FMoouM0QC+WI8W5Yr1l
iW4qURFSxEVUZkc/9JUs9Tqht56Y5dBrim0vYlbjq8B5SKuSsBvYH94UA3DI2FNj
XRPFOY2JhLGqat3rVXOHaF707ae23P1IoK3TYeF4CT65kNClKYwG3EEMh9fh/flQ
OqXkaGTSbq3vHCvl7sVnVg7s0/ES6nr39N/nmsUJ7NwlalBtC30YJv/TNylQO3BY
Ik4rpLJVq+hHW8CiiYo+a6wFc1qtKNU/truJnxcS2A6OmDgCDhdQHqXR7DyKMKUS
66EE7kfAvBvWhNm2kW9nJkthJbi1wFNTQpa7VgaUbxX4ww7lETKG290SxcaMGQTp
MvpRWP+XDp8PPAjVPJsRfxM8QjZfOpl5FIYCy5+Sl+kYO4Ohd9E+Fo6KRdbZe+0n
RGmM5epYXlO/CvXkiIlP86w7QgPXFAs4obqJm9S5ylIFgnOYjPNlhnH/C6d+V94G
icocm+TCx5Y3dwazSKK2jLT9a3g7SkFlxZMfweo5ql+eZzUCUFhO8cH+VwXlOyma
D9WxZIXFeSAbXK4P
-----END CERTIFICATE-----
 1 s:/O=Root CA/OU=http://www.cacert.org/CN=CA Cert Signing Authority/emailAddress=support@cacert.org
   i:/O=Root CA/OU=http://www.cacert.org/CN=CA Cert Signing Authority/emailAddress=support@cacert.org
-----BEGIN CERTIFICATE-----
MIIHPTCCBSWgAwIBAgIBADANBgkqhkiG9w0BAQQFADB5MRAwDgYDVQQKEwdSb290
IENBMR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNB
IENlcnQgU2lnbmluZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRA
Y2FjZXJ0Lm9yZzAeFw0wMzAzMzAxMjI5NDlaFw0zMzAzMjkxMjI5NDlaMHkxEDAO
BgNVBAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEi
MCAGA1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJ
ARYSc3VwcG9ydEBjYWNlcnQub3JnMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC
CgKCAgEAziLA4kZ97DYoB1CW8qAzQIxL8TtmPzHlawI229Z89vGIj053NgVBlfkJ
8BLPRoZzYLdufujAWGSuzbCtRRcMY/pnCujW0r8+55jE8Ez64AO7NV1sId6eINm6
zWYyN3L69wj1x81YyY7nDl7qPv4coRQKFWyGhFtkZip6qUtTefWIonvuLwphK42y
fk1WpRPs6tqSnqxEQR5YYGUFZvjARL3LlPdCfgv3ZWiYUQXw8wWRBB0bF4LsyFe7
w2t6iPGwcswlWyCR7BYCEo8y6RcYSNDHBS4CMEK4JZwFaz+qOqfrU0j36NK2B5jc
G8Y0f3/JHIJ6BVgrCFvzOKKrF11myZjXnhCLotLddJr3cQxyYN/Nb5gznZY0dj4k
epKwDpUeb+agRThHqtdB7Uq3EvbXG4OKDy7YCbZZ16oE/9KTfWgu3YtLq1i6L43q
laegw1SJpfvbi1EinbLDvhG+LJGGi5Z4rSDTii8aP8bQUWWHIbEZAWV/RRyH9XzQ
QUxPKZgh/TMfdQwEUfoZd9vUFBzugcMd9Zi3aQaRIt0AUMyBMawSB3s42mhb5ivU
fslfrejrckzzAeVLIL+aplfKkQABi6F1ITe1Yw1nPkZPcCBnzsXWWdsC4PDSy826
YreQQejdIOQpvGQpQsgi3Hia/0PsmBsJUUtaWsJx8cTLc6nloQsCAwEAAaOCAc4w
ggHKMB0GA1UdDgQWBBQWtTIb1Mfz4OaO873SsDrusjkY0TCBowYDVR0jBIGbMIGY
gBQWtTIb1Mfz4OaO873SsDrusjkY0aF9pHsweTEQMA4GA1UEChMHUm9vdCBDQTEe
MBwGA1UECxMVaHR0cDovL3d3dy5jYWNlcnQub3JnMSIwIAYDVQQDExlDQSBDZXJ0
IFNpZ25pbmcgQXV0aG9yaXR5MSEwHwYJKoZIhvcNAQkBFhJzdXBwb3J0QGNhY2Vy
dC5vcmeCAQAwDwYDVR0TAQH/BAUwAwEB/zAyBgNVHR8EKzApMCegJaAjhiFodHRw
czovL3d3dy5jYWNlcnQub3JnL3Jldm9rZS5jcmwwMAYJYIZIAYb4QgEEBCMWIWh0
dHBzOi8vd3d3LmNhY2VydC5vcmcvcmV2b2tlLmNybDA0BglghkgBhvhCAQgEJxYl
aHR0cDovL3d3dy5jYWNlcnQub3JnL2luZGV4LnBocD9pZD0xMDBWBglghkgBhvhC
AQ0ESRZHVG8gZ2V0IHlvdXIgb3duIGNlcnRpZmljYXRlIGZvciBGUkVFIGhlYWQg
b3ZlciB0byBodHRwOi8vd3d3LmNhY2VydC5vcmcwDQYJKoZIhvcNAQEEBQADggIB
ACjH7pyCArpcgBLKNQodgW+JapnM8mgPf6fhjViVPr3yBsOQWqy1YPaZQwGjiHCc
nWKdpIevZ1gNMDY75q1I08t0AoZxPuIrA2jxNGJARjtT6ij0rPtmlVOKTV39O9lg
18p5aTuxZZKmxoGCXJzN600BiqXfEVWqFcofN8CCmHBh22p8lqOOLlQ+TyGpkO/c
gr/c6EWtTZBzCDyUZbAEmXZ/4rzCahWqlwQ3JNgelE5tDlG+1sSPypZt90Pf6DBl
Jzt7u0NDY8RD97LsaMzhGY4i+5jhe1o+ATc7iwiwovOVThrLm82asduycPAtStvY
sONvRUgzEv/+PDIqVPfE94rwiCPCR/5kenHA0R6mY7AHfqQv0wGP3J8rtsYIqQ+T
SCX8Ev2fQtzzxD72V7DX3WnRBnc0CkvSyqD/HMaMyRa+xMwyN2hzXwj7UfdJUzYF
CpUCTPJ5GhD22Dp1nPMd8aINcGeGG7MW9S/lpOt5hvk9C8JzC6WZrG/8Z7jlLwum
GCSNe9FINSkYQKyTYOGWhlC0elnYjyELn8+CkcY7v2vcB5G5l1YjqrZslMZIBjzk
zk6q5PYvCdxTby78dOs6Y5nCpqyJvKeyRKANihDjbPIky/qbn3BHLt4Ui9SyIAmW
omTxJBzcoTWcFbLUvFUufQb1nA5V9FrWk9p2rSVzTMVD
-----END CERTIFICATE-----
---
Server certificate
subject=/CN=www.mysite.com
issuer=/O=Root CA/OU=http://www.cacert.org/CN=CA Cert Signing Authority/emailAddress=support@cacert.org
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 3859 bytes and written 431 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256
    Session-ID: 21B739DDABDFE46751A2AF7513AC18E85F450EBED6B32722C142493A5AD4601F
    Session-ID-ctx:
    Master-Key: BB5D516724043D227287D72F81E1C9738C5FA20774A20A457A068711932E43AECCFC45AD87E88B6E290087DAC31EF2C4
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
    0000 - 55 ef b6 26 5c 33 48 e7-21 3e 6d d4 f6 5b 1a b2   U..&\3H.!>m..[..
    0010 - 84 0d 3c eb 98 1b 22 e3-f4 72 53 11 10 98 cb c7   ..<..."..rS.....
    0020 - 59 55 58 15 8f cb ee d9-32 ad 74 9c f5 78 9d d8   YUX.....2.t..x..
    0030 - b8 0b 5d 7c 76 0f e7 18-13 c7 ad 7e c0 79 c1 df   ..]|v......~.y..
    0040 - cc 0c 24 a9 42 50 f7 b0-c4 c0 89 a6 fd aa 88 88   ..$.BP..........
    0050 - 4c 42 e6 34 b1 be 04 41-02 8d a9 e1 68 60 de f5   LB.4...A....h`..
    0060 - 86 05 31 2c ad 54 11 46-65 8a ff 6b a8 5a 1d 6b   ..1,.T.Fe..k.Z.k
    0070 - f9 c6 79 72 38 80 63 34-c5 14 e4 27 e2 ca c3 89   ..yr8.c4...'....
    0080 - ce ad c9 77 97 1b 57 9f-24 a1 44 4b d5 34 9e 89   ...w..W.$.DK.4..
    0090 - 1d 14 dd d2 c4 1f 9f 64-af c9 0b a1 0a de 4e 29   .......d......N)
    00a0 - f2 91 b8 dc 69 ae 0d 69-d6 c6 fc bb ee 55 0c 45   ....i..i.....U.E
    00b0 - be 8f 73 e3 8e 9c c2 91-11 5c ec f6 18 89 a9 a0   ..s......\......

    Start Time: 1530349065
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
DONE


Appreciate any hints on how to resolve this

tanstaafl
Moderator

User avatar
 
Posts: 44502
Joined: July 30th, 2003, 5:06 pm

Post Posted July 3rd, 2018, 5:04 am

I'm not used to using openSSL so I have problems parsing that output. http://kb.mozillazine.org/SSL_Security_Error lists the known errors, the one you ran into is not one of them.

https://dxr.mozilla.org/mozilla-central ... single#184 lists that error text for addExceptionNoCertLong2 . It appears to only be used in https://dxr.mozilla.org/mozilla-central ... nDialog.js . It looks like it occurs while checking for the availability of the certificate.

I thought cacert was not a supported CA anymore. Did you import its certificate and then try to use a email account that required cacert? Some background would help.

See http://wiki.cacert.org/FAQ/BrowserClients

Return to Thunderbird Support


Who is online

Users browsing this forum: Google [Bot] and 6 guests