Adding a Certificate Authority to Thunderbird

When you use an SSL-enabled service (such as IMAP to pick up your mail, SMTP to submit your mail, or LDAP to look up recipients of your mail), that service offers an SSL certificate to the client to prove its identity. SSL certificates are signed by a "certificate authority" (CA) for which the email client (or web browser) is expected to have a copy of the "root" certificate. Thunderbird (and Seamonkey) come out of the box with a set of trusted certificate authority root certificates, but the SSL certificates for our services are signed by an authority run locally by the University of Washington Computing & Communications organization (C&C), and Thunderbird doesn't ship with their root certificate.

When a service offers a certificate for which the corresponding certificate authority root certificate is not available, a warning dialog is presented offering you the choice of rejecting the certificate, accepting it for the session, or accepting it permanently. None of these options is satisfying: in the first case, you won't be able to use the service; in the second case, you will be presented with the same warning in the next session; and in the third, you are permanently accepting a certificate certifying an identity that you have no good reason to believe.

If you are working on a CSE lab-managed machine, you should never see that warning, because CSE staff builds a local version of Thunderbird that already has a copy of that UW C&C CA root certificate. If you are working from a home machine, though, you will encounter it. To avoid it, you can install the UW C&C root certificate yourself. This document explains how.

The screenshots in this tutorial were created on a Linux machine. If you run Windows, you will notice a few minor differences in menus, labels, and window decorations, but the process is identical.

This document is a companion to several others:


1. If necessary, install and configure Thunderbird following the instructions in How to Use Thunderbird with CSE IMAP.

2. You need a local copy of UWServices.pem, the root CA certificate file. Click on that link and save it to your local disk. Remember where you saved it so you can find it in step 5.

3. If you are using Seamonkey, open the browser. To start the email client, click on the envelope icon near the bottom lefthand corner, select "Mail & Newsgroups" from the "Windows" menu, or use the key combination Ctrl-2. (Thunderbird users: start Thunderbird directly.)

4. You need to access the "Security" settings for your UW CSE account. Get to this screen by selecting "Tools" (Seamonkey or Thunderbird on Linux: "Edit") from the menu bar and "Account settings" (Seamonkey: "Mail and newsgroup account settings") from the submenu, or by right-clicking on the name of the account (shown in the lefthand pane of the mailer window) and selecting "Properties." Click on the "View Certificates" button in the "Certificates" section of this "Security" screen.

5. You are now looking at the "Certificate Manager." Click on the "Authorities" tab and then click the "Import" button to pull up a file browser to select the file you saved in step 2.

6. Thunderbird asks how you wish to trust the certificate. It's safe to check all three boxes. Press the "OK" button.

7. You are back at the "Authorities" tab of the "Certificate Manager." You can now see the new root CA certificate in your certificate store. We are done.
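Before importing the file from step 2 and granting it trust in step 6, you can check that the copy you saved is the certificate you meant to get. The script below is an added example, not part of the original instructions: it computes the SHA-256 fingerprint of the single certificate in a PEM file and compares it with a fingerprint you obtained through a separate trusted channel. This page does not publish such a fingerprint, so that value and the function names are assumptions.

```python
import base64
import hashlib
import re
import sys

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.DOTALL)


def pem_fingerprint(pem_text):
    """Return the SHA-256 fingerprint of the single certificate in pem_text."""
    blocks = PEM_BLOCK.findall(pem_text)
    if len(blocks) != 1:
        # A root CA file should hold exactly one certificate; an empty file,
        # a saved HTML error page or a bundle is not what step 2 should produce.
        raise ValueError("expected exactly 1 certificate, found %d" % len(blocks))
    der = base64.b64decode("".join(blocks[0].split()), validate=True)
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalize(fingerprint):
    """Drop colons and whitespace and fold case so 'AB:CD' equals 'abcd'."""
    return re.sub(r"[\s:]", "", fingerprint).lower()


def matches_published(pem_text, published):
    """True only if the file's fingerprint equals the one obtained out of band."""
    return normalize(pem_fingerprint(pem_text)) == normalize(published)


def make_sample_pem(der):
    """Wrap arbitrary bytes in PEM armor (used only for the constructed demo)."""
    body = base64.b64encode(der).decode("ascii")
    lines = [body[i:i + 64] for i in range(0, len(body), 64)]
    return "\n".join(["-----BEGIN CERTIFICATE-----", *lines,
                      "-----END CERTIFICATE-----", ""])


if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage: script.py UWServices.pem <fingerprint>
        with open(sys.argv[1], encoding="ascii", errors="replace") as handle:
            ok = matches_published(handle.read(), sys.argv[2])
        print("fingerprint matches" if ok else "MISMATCH: do not import")
        sys.exit(0 if ok else 1)
    # Constructed stand-in bytes, not the real UW certificate.
    sample = make_sample_pem(b"constructed sample, not a real certificate")
    print(pem_fingerprint(sample))
```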


rose@cs.washington.edu

$Id: AddCACert.html,v 1.2 2006/10/04 17:10:44 rose Exp $