Om de ûnderfining foar jo te ferbetterjen is tydlik de funksjonaliteit dan dizze website troch ûnderhâldswurk beheind. Wannear in artikel jo probleem net oplost en jo in fraach stelle wolle, kin ús stipemienskip jo helpe yn @FirefoxSupport op Twitter en /r/firefox op Reddit.

Sykje yn Support

Mij stipescams. Wy sille jo nea freegje in telefoannûmer te beljen, der in sms nei ta te stjoeren of persoanlike gegevens te dielen. Meld fertochte aktiviteit mei de opsje ‘Misbrûk melde’.

Mear ynfo

Dizze konversaasje is argivearre. Stel in nije fraach as jo help nedich hawwe.

Signed mail with S/MIME

  • 9 antwurd
  • 1 hat dit probleem
  • 56 werjeftes
  • Lêste antwurd fan Kaleun

more options

Hello, I want to use S/MIME in Thunerbird 78.10.1 (64-bit). In my account settings i've import a .pfx-file. I created this certificate with openssl. I choose this personal certificate for digital signature and encryption (i want to use end-to-end encryption).

If I try to send a signed mail I got an error message: "Application could not find the signing certificate which I choose in my account settings [...]" --> imprecise wording, I am using Thunderbird in German

But I only got this error message, if I choose as encryption technology S/MIME. When I choose OpenPGP as encryption technology I got no error message and the e-mail is sent digital signed.

Where is the problem?

Thanks for help.

Greetings

Hello, I want to use S/MIME in Thunerbird 78.10.1 (64-bit). In my account settings i've import a .pfx-file. I created this certificate with openssl. I choose this personal certificate for digital signature and encryption (i want to use end-to-end encryption). If I try to send a signed mail I got an error message: "Application could not find the signing certificate which I choose in my account settings [...]" --> imprecise wording, I am using Thunderbird in German But I only got this error message, if I choose as encryption technology S/MIME. When I choose OpenPGP as encryption technology I got no error message and the e-mail is sent digital signed. Where is the problem? Thanks for help. Greetings
Keppele skermôfbyldingen

Keazen oplossing

Now I got it :)

When importing the cert into the Thunderbird certificate store, did you import it as a personal cert underneath the 'Your Certificates' tab?

Nope, that was not the problem. My problem was this: I created a certificate and imported it. The problem was, nowhere was it written who issued me the certificate. I had to create a CA certificate first, and then use it to sign my own certificate. So that Thunderbird can handle it, I not only have to import my signed certificate, but also add my self-created CA certificate to the list of trusted CAs :)

Dit antwurd yn kontekst lêze 👍 0

Alle antwurden (9)

more options
In my account settings i've import a .pfx-file. I created this certificate with openssl.

Not sure what exactly this means. In order to be able to digitally sign messages you'd also need to import the private key along with the cert.

Bewurke troch christ1 op

more options

The PKCS#12 or PFX format is a binary format for storing the server certificate, any intermediate certificates, and the private key in one encryptable file.

When importing the certificate, I also had to enter the password (so that Thunderbird can access the private key).

more options

Is there anything related in the Error Console (Ctrl+Shift+J) when you attempt to sign a message?

more options

Good idea, I would try that, but unfortunately, I won't be back at my private PC for a week. I will write in a week.

more options

can an openpgp key be used to sign with s/mime? I would have thought it would fail the oscp test.

For the openPGP key I would have though the open PGP manager and signing would be the way you had to go.

more options

Hi Matt,

Matt schrieb

can an openpgp key be used to sign with s/mime? I would have thought it would fail the oscp test.

No, as far as I know that is not possible. S/MIME and OpenPGP use the same cryptographic algorithms, but the internal structure is different.

Matt schrieb

For the openPGP key I would have though the open PGP manager and signing would be the way you had to go.

Yeah, thats the way. I only tried a combination to find out how thunderbird behaves.

more options

Hi christ1,

christ1 schrieb

Is there anything related in the Error Console (Ctrl+Shift+J) when you attempt to sign a message?

When I choose OpenPGP as encryption technology for the signed e-mail (only signed, no encryption) I got no error message and the e-mail is sent digital signed. For more details, see the appendix.

When I choose S/MIME as encryption technology for the signed e-mail (only signed, no encryption) I got no logs in the Error Console :/ I just get the message: "Failed to send the message. You chose to digitally sign this message, but the application could not find the signature certificate you specified in your account settings, or the certificate has expired."

more options
"... You chose to digitally sign this message, but the application could not find the signature certificate you specified in your account settings, or the certificate has expired."

For signing a message you do need the private key. So either something is missing, or there's a problem with your cert. Without further details this is anyone's guess. I wouldn't be surprised if it's related to:

I created this certificate with openssl.

When importing the cert into the Thunderbird certificate store, did you import it as a personal cert underneath the 'Your Certificates' tab?

Bewurke troch christ1 op

more options

Keazen oplossing

Now I got it :)

When importing the cert into the Thunderbird certificate store, did you import it as a personal cert underneath the 'Your Certificates' tab?

Nope, that was not the problem. My problem was this: I created a certificate and imported it. The problem was, nowhere was it written who issued me the certificate. I had to create a CA certificate first, and then use it to sign my own certificate. So that Thunderbird can handle it, I not only have to import my signed certificate, but also add my self-created CA certificate to the list of trusted CAs :)