Om de ûnderfining foar jo te ferbetterjen is tydlik de funksjonaliteit dan dizze website troch ûnderhâldswurk beheind. Wannear in artikel jo probleem net oplost en jo in fraach stelle wolle, kin ús stipemienskip jo helpe yn @FirefoxSupport op Twitter en /r/firefox op Reddit.

Avatar for Username

Sykje yn Support

Mij stipescams. Wy sille jo nea freegje in telefoannûmer te beljen, der in sms nei ta te stjoeren of persoanlike gegevens te dielen. Meld fertochte aktiviteit mei de opsje ‘Misbrûk melde’.

Mear ynfo

Dizze konversaasje is argivearre. Stel in nije fraach as jo help nedich hawwe.

Sending signed messages using smart card does not work with OpenSC on macOS

  • 2 antwurd
  • 1 hat dit probleem
  • 1 werjefte
  • Lêste antwurd fan tamersaadeh

tamersaadeh
tamersaadeh
more options

Using a smart card to digitally sign emails does not work. I am able to add it to my list of certificates for my email but I keep getting the following error:

Sending of the message failed. You specified that this message should be digitally signed, but the application either failed to find the signing certificate specified in your Mail & Newsgroup Account Settings, or the certificate has expired.

The certificate is has not expired and the root CA is Actalis which is trusted by Thunderbird (issuer is different though). In any case the certificate is recognised as valid when importing it. I know that the library works in Firefox for client authentication and tested signing PDFs with the smart card with the same OpenSC library.

I am not sure where to look for further logs to try to understand better the issue and solve it. Any help is much appreciated as I would rather use my smart card to sign my emails rather than the free comodo certificate as at least here in Italy the smart card has legal value (it is linked to my identity).

Using a smart card to digitally sign emails does not work. I am able to add it to my list of certificates for my email but I keep getting the following error: Sending of the message failed. You specified that this message should be digitally signed, but the application either failed to find the signing certificate specified in your Mail & Newsgroup Account Settings, or the certificate has expired. The certificate is has not expired and the root CA is Actalis which is trusted by Thunderbird (issuer is different though). In any case the certificate is recognised as valid when importing it. I know that the library works in Firefox for client authentication and tested signing PDFs with the smart card with the same OpenSC library. I am not sure where to look for further logs to try to understand better the issue and solve it. Any help is much appreciated as I would rather use my smart card to sign my emails rather than the free comodo certificate as at least here in Italy the smart card has legal value (it is linked to my identity).

Bewurke troch tamersaadeh op

Keazen oplossing

The certificate is has not expired and the root CA is Actalis which is trusted by Thunderbird (issuer is different though).

When your personal cert has been issued by an intermediate CA, you'll also need to import the cert of that intermediate CA into Thunderbird. Thunderbird needs to know the entire certificate chain up to the root CA.

In any case the certificate is recognised as valid when importing it.

Along with the cert, did you also import the private key? The private key is needed for signing messages.

Dit antwurd yn kontekst lêze 👍 1

Alle antwurden (2)

christ1
christ1
  • Top 25 Contributor
more options

Keazen oplossing

The certificate is has not expired and the root CA is Actalis which is trusted by Thunderbird (issuer is different though).

When your personal cert has been issued by an intermediate CA, you'll also need to import the cert of that intermediate CA into Thunderbird. Thunderbird needs to know the entire certificate chain up to the root CA.

In any case the certificate is recognised as valid when importing it.

Along with the cert, did you also import the private key? The private key is needed for signing messages.

Bewurke troch christ1 op

tamersaadeh
tamersaadeh Fraacheigener
more options

Thank you very much! The error message is really confusing, I think it is better if in the help articles this is mentioned clearly (and in the error message as I wasn't sure what problem it could have been).