Vanwege onderhoudswerkzaamheden die uw ervaring zouden moeten verbeteren, heeft deze website beperkte functionaliteit. Als een artikel uw probleem niet verhelpt en u een vraag wilt stellen, kan onze ondersteuningsgemeenschap u helpen in @FirefoxSupport op Twitter en /r/firefox op Reddit.

Zoeken in Support

Vermijd ondersteuningsscams. We zullen u nooit vragen een telefoonnummer te bellen, er een sms naar te sturen of persoonlijke gegevens te delen. Meld verdachte activiteit met de optie ‘Misbruik melden’.

Meer info

Deze conversatie is gearchiveerd. Stel een nieuwe vraag als u hulp nodig hebt.

How to use a PKCS#12/PFX Bundle to encrypt and sign emails, both CA Signed and Self-Signed.

  • 2 antwoorden
  • 1 heeft dit probleem
  • 2 weergaven
  • Laatste antwoord van Predatorian3

more options

I am on an OSX Machine, and I believe this will probably go for my Ubuntu setup as well where they already have GnuPG installed. Is there anyway to get those GPG Keys and Certificates presented to Thunderbird without having to use extra software?

When I was looking at importing a new Certificate bundle for signing, I saw that it was asking for a PKCS#12 or PFX bundle. I made a Self-Signed Certificate Bundle. Then I imported it into Thunderbird and it took. However, when I use that Certificate Bundle to sign my emails, I get the following error:

Sending of the message failed. Unable to sign message. Please check that the certificate specified in Mail & Newsgroups Account Settings for this mail account are valid and trusted for mail.

So I went into on OSX Thunderbird -> Preferences -> Advanced -> Certificates -> Manage Certificates. Then I tried to add my Self-Signed Certificate to the Authorities list, but it says that it already exists, but as I went through all the Authorities listed my certificate was not present. Where should I look, or do I have to use the GPG Tools detailed in this Support Page: https://support.mozilla.org/en-US/kb/digitally-signing-and-encrypting-messages#thunderbird:mac:tb52 ?

I am on an OSX Machine, and I believe this will probably go for my Ubuntu setup as well where they already have GnuPG installed. Is there anyway to get those GPG Keys and Certificates presented to Thunderbird without having to use extra software? When I was looking at importing a new Certificate bundle for signing, I saw that it was asking for a PKCS#12 or PFX bundle. I made a Self-Signed Certificate Bundle. Then I imported it into Thunderbird and it took. However, when I use that Certificate Bundle to sign my emails, I get the following error: Sending of the message failed. Unable to sign message. Please check that the certificate specified in Mail & Newsgroups Account Settings for this mail account are valid and trusted for mail. So I went into on OSX Thunderbird -> Preferences -> Advanced -> Certificates -> Manage Certificates. Then I tried to add my Self-Signed Certificate to the Authorities list, but it says that it already exists, but as I went through all the Authorities listed my certificate was not present. Where should I look, or do I have to use the GPG Tools detailed in this Support Page: https://support.mozilla.org/en-US/kb/digitally-signing-and-encrypting-messages#thunderbird:mac:tb52 ?

Alle antwoorden (2)

more options
I made a Self-Signed Certificate Bundle.

What exactly does this mean, and what's inside that bundle?

... they already have GnuPG installed.

If you want to use a S/MIME certificate, you don't need GnuPG. If you want to use GnuPG with OpenPGP keys, you'd need to install the Enigmail add-on for Thunderbird.

Then I imported it into Thunderbird and it took.

Imported to which tab in the Certificate Manager? You'll need to import your cert and private key underneath the 'Personal' tab.

Sending of the message failed. Unable to sign message.

In order to be able to sign messages, you'll also need to import the private key. Typically cert and private key are bundled. You may be missing the private key though.

do I have to use the GPG Tools

No, not for S/MIME certs.

more options

christ1 said

...

For the Self-Signed Certificate Bundle I did the following

openssl req -x509 -newkey rsa:4096 -keyout myKey.pem -out cert.pem -days 365 -nodes openssl pkcs12 -export -out keyStore.pfx -inkey myKey.pem -in cert.pem
After seeing you say something about S/MIME Certificates, I probalby don't have the correct certificate then in my PFX bundle.