Mismatched domain names with server certificates & e-mail

[sid1950]

Thought this might be useful.

I have a Linux Reseller Account, with a number of mail servers, and have a large number of admin accounts for support. I use Mozilla Thunderbird for my own mail, and wanted to try out the security features.

I use TBird 2.0.0.4 and if I select "Use TLS, if available" in Account Settings > Server Settings > Security Settings I had a problem with mismatched domain names. The mail server is on one domain, but the server is signed by the domain name of the computer on which my reseller server resides - e.g the mail server is mail.mydomain.net, but the certificate is signed by computername.hostdomain.com. This would throw up a mismatched domain name error, so I would have to turn that security setting off. This doesn't happen if you have a VPS Hosting or Dedicated server account.

The solution was to install a Thunderbird extension called Remember Mismatched Domains. When the error comes up you can choose whether to accept the certificate permanently, temporarily or not at all. After checking it is valid, I can select permanently and then it never asks again. It also works with SSL, and I can turn on "Use Secure Authentication".

Thunderbird is available here - http://www.mozilla-europe.org/en/products/thunderbird/

And the extension here - https://addons.mozilla.org/en-US/thunderbird/addon/2131

[swexpert]

Hello Sid,
Adding the extension will only "supress" the problem and that too only on your computer. You have to buy certificates for the domain you're intending to use the server for, in order to actually solve the problem.

Regds
IJ