Hello,

after installing Norton360 Advanced, I’m not able to fetch several IMAP E-Mail-accounts.

The E-Mail-accounts. ar SSL/TLS connections to a IMAP-Server with a self-signed certificate.

I temporory disabled the firewall, but the problem still exist.

Thanks

@Benutzer356 Here are some things to consider regarding your issues.

AI Overview

Fixing Thunderbird self-signed certificate errors requires manually adding the certificate to Thunderbird’s trust store or importing your self-signed root CA so the client automatically recognizes the mail server. [1, 2, 3]

1. Manually Add a Security Exception

If Thunderbird completely blocks connection to your mail server, you can manually force the client to trust it: [1]

1. Open Thunderbird.

2. Click the Menu icon (three horizontal lines) in the top right corner.

3. Select Settings (or Preferences).

4. Go to the Privacy & Security tab on the left.

5. Scroll down to the Certificates section and click Manage Certificates….

6. Select the Servers tab and click Add Exception….

7. Enter your mail server address (e.g., https://yourmailserver.com:993) and click Get Certificate.

8. Check the details and click Confirm Security Exception. [1, 2, 3]

9. Import Your Custom Root CA

If you generate multiple self-signed certificates for your home lab, importing the root Certificate Authority (CA) is a better, more permanent solution. [1, 2, 3, 4]

1. Go to Settings > Privacy & Security > Manage Certificates….

2. Click the Authorities tab and click Import…

3. Locate and select your .crt or .pem Certificate Authority file.

4. Check the box for “Trust this CA to identify email users” and click OK. [1, 2]

5. Workaround if Thunderbird Fails to Prompt

If Thunderbird is blocking the connection but failing to prompt you with the “Add Exception” dialog, you can temporarily disable SSL to trigger it: [1, 2]

1. Go to Account Settings (Right-click your email account > Settings).

2. Click Server Settings under your account.

3. Change Connection Security from SSL/TLS to None.

4. Try to fetch or send messages (this will force the server connection to open).

5. Thunderbird will then prompt you to accept the certificate. Once you accept it, change the connection security setting back to SSL/TLS. [1, 2]

6. Need a Permanent Fix?

Consider using Let’s Encrypt to issue free, valid SSL certificates instead of self-signed ones. It completely removes error prompts and avoids issues with automated renewal.

Conversely:

AI Overview

Thunderbird blocks self-signed certificates when your antivirus’s SSL/TLS email scanner intercepts secure connections. The antivirus issues its own substitute certificate, which Thunderbird doesn’t inherently trust. [1, 2]

To fix this, you must export your antivirus’s certificate and import it into Thunderbird’s trust store. [1, 2]

Step-by-Step Fix

1. Export the Antivirus Certificate: Open your antivirus suite (e.g., Avast, Norton, Bitdefender), go to the Email Shield/Protection settings, and find the option to “Export” or “Save” the mail scanner certificate. Save it to your desktop as a .crt or .der file.
2. Import into Thunderbird:

• Click the menu icon (three horizontal lines) in the top right corner and select Settings.
• Go to Privacy & Security in the left panel.
• Scroll down to the Certificates section and click Manage Certificates.
• Select the Authorities tab and click Import.
• Locate the certificate file you saved, check “Trust this CA to identify websites,” and click OK.

3. Clean Up Servers: While still in the Certificate Manager, click the Servers tab. Look for any entries tied to your antivirus’s mail scanner and delete them to force a fresh, trusted connection. [1, 2]

If you are using Avast or Norton, you can follow their official step-by-step guides for detailed walkthroughs of this process on the Avast Support Article or Norton Support Guide. [1, 2]

SA