On 14/12/2024 14:09, Dima wrote:
Using VPN via SOCK5
Got a message notification pop-up "Certificate for imap.google.com does
not come from the trusted source." with a button "activate".
Likely imap.googlemail.com
For HTTP, providers sometimes use "captive portal" to request user
authentication or to show some notification. For TLS it causes an error.
I have no idea if some party (VPN provider? Proxy authentication?
Incorrect VPN configuration?) may use it for IMAP.
In some cases server does not send an intermediate certificate in
signing chain (browser on administrator's computer acquired it from
other site, so they are unaware of the issue), but I would not expect it
from Google.
A tool to debug issues is "openssl s_client"
- View a log. May be there is a log in Thunderbird or in systemd, and I
can identify that issue, found certificate that blamed.
Thunderbird has console [Ctrl+Shift+J], but usually logs (and their
persistence) should be enabled in advance.
Maybe certificate management is better documented for Firefox.
