5

I have a mail server that has a self signed SSL certificate.

I use Thunderbird to access this server, and it asks me to accept this certificate.

So let's say I accept this in a semi-secure location, for example on a local network, then move on to an insecure net with my certificate accepted in the Thunderbird email client.

Thunderbird is set to use STARTTLS to the email server.

Is it so that once this certificate is accepted, it is impossible to do a man-in-the-middle attack? For somebody to make use of this public self-signed SSL certificate they also need a private key that the mail server keeps?

The red flag is if Thunderbird one day suddenly wants me to accept a new certificate from the mail server.

Don Juan

3 Answers

4

Is it so that once this certificate is accepted, it is impossible to do a man-in-the-middle attack? For somebody to make use of this public self-signed SSL certificate they also need a private key that the mail server keeps?

That is correct. An attacker cannot fake being the remote server unless they have the private key that matches what the client is using.

Problems remaining include brute-forcing the certificate (basically not going to happen), stealing the private key from the server, or exploiting a software vulnerability (that would probably affect "real" certs exactly the same as self-signed certs).

For verification of a known certificate, a self-signed certificate that you are confident in when you accept it is as good as anything else. PKI / signing chains make distribution and revocation much simpler, but are not critical to maintaining the authentication of a key. They just help the simplicity and tracing. That matters in the public and with large companies. If you're just talking about your private mail server, I do the exact same thing with a self-signed certificate.

Jeff Ferland
3

You should strongly consider getting a free SSL cert if you control the domain. There are a couple of providers of free certs.

The "accepted" cert in Thunderbird pairs the hostname by which you referenced the server with the thumbprint of the certificate. So a MITM attack would be nigh impossible without solving the DL Problem. This assumes you picked a reasonable bit length (2048 or 4096 these days; though arguments could be made for 1024).

PKI Keys are only ever useful if you have both the private and public key. Yes, new warnings about certificate errors should always be reviewed with the utmost discernment.

Chris S
  • ..surely the certificate CN determines what hostname matches. – adaptr Jan 23 '12 at 16:03
  • @adaptr nope; not how Thunderbird or Firefox keep track of certificate exemptions. – Chris S Jan 23 '12 at 16:06
  • The SSL certificate that comes from the server in my case says "localhost" and nothing about the particular domain name. And the bit length is long. So you are saying my setup is semi-secure? Or is the domain name in the SSL certificate important to make it secure? – Don Juan Jan 23 '12 at 16:18
  • The CN in the certificate is irrelevant in your case; because you're only using it with client computers you control. There are more "correct" ways of setting this up, but what you've got does work. – Chris S Jan 23 '12 at 16:29
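
A simplified model of the exception behaviour described in this answer, as an added example that is not part of the original post and is not Thunderbird's code: the accepted exception is keyed on the name and port you connected to plus the certificate thumbprint, so the CN plays no part. `ExceptionStore`, `mail.example.org`, `192.0.2.10`, the stand-in certificate bytes and the choice of IMAP on port 143 are assumptions made for illustration.

```python
import hashlib
import hmac
import imaplib
import ssl

# Constructed stand-ins for DER certificate bytes (same CN, different keys).
SERVER_CERT = b"constructed DER stand-in: CN=localhost, key A"
OTHER_CERT = b"constructed DER stand-in: CN=localhost, key B"

def fingerprint(der: bytes) -> str:
    """SHA-256 thumbprint over the whole DER-encoded certificate."""
    return hashlib.sha256(der).hexdigest()

class ExceptionStore:
    """Hypothetical trust-on-first-use store keyed on (host, port), not on the CN."""
    def __init__(self):
        self._pins = {}

    def accept(self, host: str, port: int, der: bytes) -> None:
        self._pins[(host.lower(), port)] = fingerprint(der)

    def check(self, host: str, port: int, der: bytes) -> str:
        pinned = self._pins.get((host.lower(), port))
        if pinned is None:
            return "prompt"    # no exception stored for this name yet
        if hmac.compare_digest(pinned, fingerprint(der)):
            return "match"     # same certificate as the one accepted
        return "mismatch"      # different certificate: the red flag

def fetch_imap_starttls_cert(host: str, port: int = 143) -> bytes:
    """Return the server's DER certificate after STARTTLS, without validating it.
    IMAP on port 143 is an assumption; the page does not name the protocol."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False          # must be disabled before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE     # the trust decision is ExceptionStore's
    conn = imaplib.IMAP4(host, port)
    try:
        conn.starttls(ssl_context=ctx)
        return conn.sock.getpeercert(binary_form=True)
    finally:
        conn.shutdown()

def demo() -> list:
    store = ExceptionStore()
    first = store.check("mail.example.org", 143, SERVER_CERT)
    store.accept("mail.example.org", 143, SERVER_CERT)  # accepted on the trusted LAN
    return [first,
            store.check("mail.example.org", 143, SERVER_CERT),
            store.check("mail.example.org", 143, OTHER_CERT),
            store.check("192.0.2.10", 143, SERVER_CERT)]
```

A legitimate certificate renewal also produces `mismatch`, so the new thumbprint should be compared with one read on the server itself before it is accepted.
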
0

If you trust the original certificate you imported into Thunderbird, then this will be used for all subsequent connections to the server matching the CN in the certificate.

Since the self-signed cert does not overlap with anything issued by a public CA, there are exactly 2 cases where a new certificate will be requested from the (possibly compromised or spoofed) server:

  • the certificate has expired, or
  • the hostname does not match the CN in the certificate

The second case can occur sooner than you think: if you are on a dynamic IP, and somehow connect to the IP and not the hostname, it won't match.

adaptr
  • Er, no. If you import the self signed certificate into Thunderbird then a server with a matching CN could be used. But that's not the question here. He's setting up a cert exemption, which isn't the same. – Chris S Jan 23 '12 at 16:07
  • In what way is this an **exemption**? He's just manually importing a certificate. – adaptr Jan 23 '12 at 16:18
  • Where in the Question do you see the word "import"?? He does mention the "accept this certificate" dialog, which is the Certificate Exception dialog. – Chris S Jan 23 '12 at 16:30