Thunderbird LDAP Address book certificate errors
An LDAP address book in Thunderbird is a great way to keep a centralised list of e-mail contacts: you maintain a single list (outside of Thunderbird) and share it across multiple computers.
I recently set one up but was presented with an SSL error when trying to connect to my LDAP server through a PuTTY tunnel:
ssl_error_bad_cert_domain
This is because the hostname I was connecting to was "localhost" and not the actual server's name (due to the tunnel).
When viewing a website in Firefox you'd just click Add Exception, but there is no option for this here. Do not fret though, as you can add a certificate exception manually.
Unblocking TLS ports
First off you need to unblock the relevant port.
- Navigate to: Menu > Options > Advanced > General > Config Editor...
- Right click and select New > String
- Enter a preference of "network.security.ports.banned.override"
- Set its value to a comma-separated list of the port numbers you're interested in (e.g. 636)
Adding a certificate exception
- Navigate to: Menu > Options > Advanced > Certificates > Manage Certificates > Servers
- Click Add Exception...
- Enter the hostname and port that your Thunderbird client is connecting to, e.g.: localhost:636
- Click Get Certificate
- Select "Permanently store this exception"
- Click Confirm Security Exception
You may need to restart Thunderbird for this to take effect. You can also remove the port override afterwards, but you will have to re-add it every time you need to go through this process (which might be frequently if you're using a Let's Encrypt 90-day certificate).
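Before confirming the exception, it is worth checking that the certificate arriving through the tunnel really is your LDAP server's, and that the only problem is the name. The following is an added example, not part of the original article: it verifies the chain, reports which names the certificate covers, and prints the SHA-256 fingerprint to compare against the certificate details Thunderbird shows. It assumes the server certificate chains to a publicly trusted CA (such as Let's Encrypt); `ldap.example.test` is a placeholder for your server's real name.

```python
import hashlib
import socket
import ssl

def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint in the colon-separated form certificate viewers show."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def dns_names(cert: dict) -> list:
    """DNS subjectAltName entries from an ssl getpeercert()-style dict."""
    return [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]

def name_matches(pattern: str, host: str) -> bool:
    """Minimal RFC 6125 match: exact, or '*' as the whole left-most label."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*" and len(p) > 2:
        p, h = p[1:], h[1:]
    return p == h

def covers(cert: dict, host: str) -> bool:
    """True if any DNS name in the certificate matches host."""
    return any(name_matches(n, host) for n in dns_names(cert))

def inspect_tunnel(real_name: str, host: str = "localhost", port: int = 636) -> dict:
    """Fetch the certificate through the tunnel; the chain is verified, the name is not."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # the name check is reported separately below
    with socket.create_connection((host, port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=real_name) as tls:
            cert, der = tls.getpeercert(), tls.getpeercert(binary_form=True)
    return {"sha256": fingerprint(der), "names": dns_names(cert),
            "valid_for_tunnel_host": covers(cert, host),
            "valid_for_real_name": covers(cert, real_name)}

# Constructed sample in getpeercert() form; ldap.example.test is a placeholder.
SAMPLE = {"subjectAltName": (("DNS", "ldap.example.test"),)}

if __name__ == "__main__":
    # Offline demonstration of the mismatch behind ssl_error_bad_cert_domain.
    print(covers(SAMPLE, "localhost"), covers(SAMPLE, "ldap.example.test"))
    # With the tunnel up: print(inspect_tunnel("ldap.example.test"))
```

A result with `valid_for_real_name` true and `valid_for_tunnel_host` false is the expected situation described above; any other combination, or a chain verification error, means the certificate is not the one you think it is.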
This article was updated in 2019 to reflect changes to the Thunderbird UI.