We have just started using Thunderbird autoconfiguration and find it really useful for automatically creating the company standard imap, smtp and ldap accounts for every user that launches the mail client.

However, the company ldap server (actually, a Windows domain controller) uses a certificate issued by our company Certification Authority, which is of course not trusted by Thunderbird. As a consequence, the ldap remote address book does not synchronize until the ca certificate is manually imported and trusted.

Can the dear thunderbird.cfg be employed to import and trust a ca root?

We already tried the following two solutions, and they apparently did nothing: maybe they are only for Firefox, or are not being correctly configured on our part.

  1. trying to trust ca roots trusted by the Windows operating system:

    pref("security.enterprise_roots.enabled, true");
    
  2. trying to import and trust the ca root certificate:

    var Cc = Components.classes;
    var Ci = Components.interfaces;
    var certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(Ci.nsIX509CertDB);
    var certdb2 = certdb;
    try {
       certdb2 = Cc["@mozilla.org/security/x509certdb;1"].getService(Ci.nsIX509CertDB2);
    } catch (e) {}
    // This should be the certificate content with no line breaks at all.
    cert = "MII ... ==";
    certdb.addCertFromBase64(cert, "C,C,C");
    

Update, and a solution.

We couldn't figure out method 1., but were successful in the end with method 2. The mistake was my apparent misunderstanding of the sentence:

> the third parameter has been removed from the API and should not be included

I thought addCertFromBase64 needed to have only two parameters, whereas it still requires a third parameter, even if it's only a blank string. Editing the command to `certdb.addCertFromBase64(cert, "C,C,C","");` did work.

simlev

1 Answer

As for method 2., a parameter is missing. The following code works (see the last line):

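    var Cc = Components.classes;
    var Ci = Components.interfaces;
    // Certificate database service used to import the CA root.
    var certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(Ci.nsIX509CertDB);
    var certdb2 = certdb;
    try {
       certdb2 = Cc["@mozilla.org/security/x509certdb;1"].getService(Ci.nsIX509CertDB2);
    } catch (e) {}
    // This should be the certificate content with no line breaks at all.
    var cert = "MII ... ==";
    // "C,C,C" marks the certificate as a trusted CA for SSL, e-mail and object signing.
    // The third argument is still required, even if it is only an empty string.
    certdb.addCertFromBase64(cert, "C,C,C","");
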
simlev
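
The "certificate content with no line breaks at all" step is easy to get wrong by hand. As an added example (not part of the original post or of Thunderbird's code), this Node.js helper turns a PEM file into that single-line string, rejects anything that is not exactly one complete certificate, and prints a SHA-256 fingerprint to compare against the CA's known value before the trust is rolled out. The function names and the sample bytes are constructed for illustration.

```javascript
// Added example: prepare a PEM CA certificate for the autoconfig call
// certdb.addCertFromBase64(cert, "C,C,C", "") shown in the post.
const { createHash } = require("node:crypto");

// Convert one PEM certificate into single-line base64 plus a SHA-256
// fingerprint to check against the CA's known value before deployment.
function pemToAutoconfig(pem) {
  const blocks = [...pem.matchAll(
    /-----BEGIN ([A-Z0-9 ]+)-----([\s\S]*?)-----END \1-----/g)];
  if (blocks.length !== 1) {
    throw new Error(`expected exactly 1 PEM block, found ${blocks.length}`);
  }
  const [, label, body] = blocks[0];
  // Refuse private keys or CSRs pasted by mistake.
  if (label !== "CERTIFICATE") {
    throw new Error(`refusing PEM block of type "${label}"`);
  }
  const base64 = body.replace(/\s+/g, ""); // drops LF, CRLF and indentation
  if (!/^[A-Za-z0-9+/]+={0,2}$/.test(base64)) {
    throw new Error("body is not valid base64");
  }
  const der = Buffer.from(base64, "base64");
  // An X.509 certificate is one DER SEQUENCE (tag 0x30) spanning the whole
  // buffer; a mismatch means a truncated or padded paste.
  if (der.length < 2 || der[0] !== 0x30 || derTotalLength(der) !== der.length) {
    throw new Error("decoded data is not a single complete DER SEQUENCE");
  }
  const sha256 = createHash("sha256").update(der).digest("hex")
    .toUpperCase().match(/../g).join(":");
  return { base64, sha256,
    line: `certdb.addCertFromBase64("${base64}", "C,C,C", "");` };
}

// Header size plus content length of the outer DER element.
function derTotalLength(der) {
  if (der[1] < 0x80) return 2 + der[1];
  const n = der[1] & 0x7f; // number of length bytes (long form)
  if (n === 0 || n > 4 || der.length < 2 + n) return -1;
  return 2 + n + der.readUIntBE(2, n);
}

// Constructed sample: placeholder bytes with a valid outer DER header,
// wrapped like a PEM file with CRLF line endings. Not a real certificate.
const sampleDer = Buffer.concat([Buffer.from([0x30, 0x82, 0x01, 0x00]),
                                 Buffer.alloc(256, 0xab)]);
const samplePem = "-----BEGIN CERTIFICATE-----\r\n" +
  sampleDer.toString("base64").match(/.{1,64}/g).join("\r\n") +
  "\r\n-----END CERTIFICATE-----\r\n";
console.log(pemToAutoconfig(samplePem).sha256);
```

Paste the returned `line` into the autoconfig file only after the printed fingerprint matches the one obtained from the CA through a separate channel.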