I've been using my own self-signed ssl certificates for my web and mail servers since years. After my last distribution upgrade, the following error appeared on firefox and thunderbird:

The certificate is not trusted because it was signed using a signature algorithm that was disabled because that algorithm is not secure.

This problem is linked to a recently found security failure pertaining the MD5 algorithm (see here).

To handle this issue:

  • on Firefox: write "about:config" in the URL bar and search for security.enable_md5_signature: turned this value to "yes";
  • on Thunderbird: in the "preferences" menu, go to "advanced" / "general" and click on "Config editor": search for security.enable_md5_signature and turn its value to "yes".