Configuring Certificates

This article is no longer maintained, so its content might be out of date.

Certificates

Certificates are the digital equivalent of identity cards. They are used to encrypt and decrypt information transferred between sites. Certificates are configured on the Advanced panel under the Certificates tab. The template "optionspreferences tb" does not exist or has no approved revision. The following options are available:

  • When a server requests my personal certificate: Some servers ask you to identify yourself with a personal certificate. In order to do so, they ask Thunderbird to generate one for you. When you connect to the server in the future, Thunderbird will ask you for which certificate to use. If you wish to have Thunderbird automatically choose a certificate, select the Select one automatically optionpreference.
    Note: A personal certificate can contain personal identity information, such as your name or address. It may therefore compromise your privacy if you select the Select one automatically optionpreference, because you will not be alerted when a website requests your personal certificate. Therefore, you may lose the ability to control who can access your personal information.
  • Query OCSP responder servers to confirm the current validity of certificates: Thunderbird may ask an OCSP (Online Certificate Status Protocol) server to confirm that a certificate is still valid. By default, Thunderbird validates a certificate if the certificate provides an OCSP server. You will most likely only need to change this if your Internet environment requires it.
  • View Certificates: Click this button to load the Certificate Manager, where you can view stored certificates, import new certificates, and back up or delete old certificates.
  • Revocation Lists: Thunderbird can use Certificate Revocation Lists (also known as CRLs) to ensure that your certificates are valid. Click the Revocation Lists button to manage the CRLs installed on your computer.
  • Validation: Thunderbird may ask an Online Certificate Status Protocol (OCSP) server to confirm that a certificate is still valid. By default, Thunderbird validates a certificate if the certificate provides an OCSP server. Alternatively, you can choose an OCSP server against which to validate all certificates. Click the Validation button to manage these optionspreferences.
  • Security Devices: Security devices can be used to encrypt and decrypt connections and store certificates and passwords. If you need to use a security device, click the Security Devices button.

These fine people helped write this article:

Illustration of hands

Volunteer

Grow and share your expertise with others. Answer questions and improve our knowledge base.

Learn More