본 사이트는 여러분의 사용자 경험을 개선하기 위해 유지 보수를 진행하는 동안 기능이 제한됩니다. 도움말로 문제가 해결되지 않고 질문을 하고 싶다면 Twitter의 @FirefoxSupport 및 Reddit의 /r/firefox 채널을 활용하세요.

Mozilla 도움말 검색

고객 지원 사기를 피하세요. 저희는 여러분께 절대로 전화를 걸거나 문자를 보내거나 개인 정보를 공유하도록 요청하지 않습니다. "악용 사례 신고"옵션을 사용하여 의심스러운 활동을 신고해 주세요.

자세히 살펴보기

Signed mail with S/MIME

  • 9 답장
  • 1 이 문제를 만남
  • 56 보기
  • 최종 답변자: Kaleun

more options

Hello, I want to use S/MIME in Thunerbird 78.10.1 (64-bit). In my account settings i've import a .pfx-file. I created this certificate with openssl. I choose this personal certificate for digital signature and encryption (i want to use end-to-end encryption).

If I try to send a signed mail I got an error message: "Application could not find the signing certificate which I choose in my account settings [...]" --> imprecise wording, I am using Thunderbird in German

But I only got this error message, if I choose as encryption technology S/MIME. When I choose OpenPGP as encryption technology I got no error message and the e-mail is sent digital signed.

Where is the problem?

Thanks for help.

Greetings

Hello, I want to use S/MIME in Thunerbird 78.10.1 (64-bit). In my account settings i've import a .pfx-file. I created this certificate with openssl. I choose this personal certificate for digital signature and encryption (i want to use end-to-end encryption). If I try to send a signed mail I got an error message: "Application could not find the signing certificate which I choose in my account settings [...]" --> imprecise wording, I am using Thunderbird in German But I only got this error message, if I choose as encryption technology S/MIME. When I choose OpenPGP as encryption technology I got no error message and the e-mail is sent digital signed. Where is the problem? Thanks for help. Greetings
첨부된 스크린샷

선택된 해결법

Now I got it :)

When importing the cert into the Thunderbird certificate store, did you import it as a personal cert underneath the 'Your Certificates' tab?

Nope, that was not the problem. My problem was this: I created a certificate and imported it. The problem was, nowhere was it written who issued me the certificate. I had to create a CA certificate first, and then use it to sign my own certificate. So that Thunderbird can handle it, I not only have to import my signed certificate, but also add my self-created CA certificate to the list of trusted CAs :)

문맥에 따라 이 답변을 읽어주세요 👍 0

모든 댓글 (9)

more options
In my account settings i've import a .pfx-file. I created this certificate with openssl.

Not sure what exactly this means. In order to be able to digitally sign messages you'd also need to import the private key along with the cert.

글쓴이 christ1 수정일시

more options

The PKCS#12 or PFX format is a binary format for storing the server certificate, any intermediate certificates, and the private key in one encryptable file.

When importing the certificate, I also had to enter the password (so that Thunderbird can access the private key).

more options

Is there anything related in the Error Console (Ctrl+Shift+J) when you attempt to sign a message?

more options

Good idea, I would try that, but unfortunately, I won't be back at my private PC for a week. I will write in a week.

more options

can an openpgp key be used to sign with s/mime? I would have thought it would fail the oscp test.

For the openPGP key I would have though the open PGP manager and signing would be the way you had to go.

more options

Hi Matt,

Matt schrieb

can an openpgp key be used to sign with s/mime? I would have thought it would fail the oscp test.

No, as far as I know that is not possible. S/MIME and OpenPGP use the same cryptographic algorithms, but the internal structure is different.

Matt schrieb

For the openPGP key I would have though the open PGP manager and signing would be the way you had to go.

Yeah, thats the way. I only tried a combination to find out how thunderbird behaves.

more options

Hi christ1,

christ1 schrieb

Is there anything related in the Error Console (Ctrl+Shift+J) when you attempt to sign a message?

When I choose OpenPGP as encryption technology for the signed e-mail (only signed, no encryption) I got no error message and the e-mail is sent digital signed. For more details, see the appendix.

When I choose S/MIME as encryption technology for the signed e-mail (only signed, no encryption) I got no logs in the Error Console :/ I just get the message: "Failed to send the message. You chose to digitally sign this message, but the application could not find the signature certificate you specified in your account settings, or the certificate has expired."

more options
"... You chose to digitally sign this message, but the application could not find the signature certificate you specified in your account settings, or the certificate has expired."

For signing a message you do need the private key. So either something is missing, or there's a problem with your cert. Without further details this is anyone's guess. I wouldn't be surprised if it's related to:

I created this certificate with openssl.

When importing the cert into the Thunderbird certificate store, did you import it as a personal cert underneath the 'Your Certificates' tab?

글쓴이 christ1 수정일시

more options

선택된 해결법

Now I got it :)

When importing the cert into the Thunderbird certificate store, did you import it as a personal cert underneath the 'Your Certificates' tab?

Nope, that was not the problem. My problem was this: I created a certificate and imported it. The problem was, nowhere was it written who issued me the certificate. I had to create a CA certificate first, and then use it to sign my own certificate. So that Thunderbird can handle it, I not only have to import my signed certificate, but also add my self-created CA certificate to the list of trusted CAs :)