This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Signed mail with S/MIME

  • 9 majibu
  • 1 ana tatizo hili
  • 56 views
  • Last reply by Kaleun

more options

Hello, I want to use S/MIME in Thunerbird 78.10.1 (64-bit). In my account settings i've import a .pfx-file. I created this certificate with openssl. I choose this personal certificate for digital signature and encryption (i want to use end-to-end encryption).

If I try to send a signed mail I got an error message: "Application could not find the signing certificate which I choose in my account settings [...]" --> imprecise wording, I am using Thunderbird in German

But I only got this error message, if I choose as encryption technology S/MIME. When I choose OpenPGP as encryption technology I got no error message and the e-mail is sent digital signed.

Where is the problem?

Thanks for help.

Greetings

Hello, I want to use S/MIME in Thunerbird 78.10.1 (64-bit). In my account settings i've import a .pfx-file. I created this certificate with openssl. I choose this personal certificate for digital signature and encryption (i want to use end-to-end encryption). If I try to send a signed mail I got an error message: "Application could not find the signing certificate which I choose in my account settings [...]" --> imprecise wording, I am using Thunderbird in German But I only got this error message, if I choose as encryption technology S/MIME. When I choose OpenPGP as encryption technology I got no error message and the e-mail is sent digital signed. Where is the problem? Thanks for help. Greetings
Attached screenshots

Chosen solution

Now I got it :)

When importing the cert into the Thunderbird certificate store, did you import it as a personal cert underneath the 'Your Certificates' tab?

Nope, that was not the problem. My problem was this: I created a certificate and imported it. The problem was, nowhere was it written who issued me the certificate. I had to create a CA certificate first, and then use it to sign my own certificate. So that Thunderbird can handle it, I not only have to import my signed certificate, but also add my self-created CA certificate to the list of trusted CAs :)

Read this answer in context 👍 0

All Replies (9)

more options
In my account settings i've import a .pfx-file. I created this certificate with openssl.

Not sure what exactly this means. In order to be able to digitally sign messages you'd also need to import the private key along with the cert.

Modified by christ1

more options

The PKCS#12 or PFX format is a binary format for storing the server certificate, any intermediate certificates, and the private key in one encryptable file.

When importing the certificate, I also had to enter the password (so that Thunderbird can access the private key).

more options

Is there anything related in the Error Console (Ctrl+Shift+J) when you attempt to sign a message?

more options

Good idea, I would try that, but unfortunately, I won't be back at my private PC for a week. I will write in a week.

more options

can an openpgp key be used to sign with s/mime? I would have thought it would fail the oscp test.

For the openPGP key I would have though the open PGP manager and signing would be the way you had to go.

more options

Hi Matt,

Matt schrieb

can an openpgp key be used to sign with s/mime? I would have thought it would fail the oscp test.

No, as far as I know that is not possible. S/MIME and OpenPGP use the same cryptographic algorithms, but the internal structure is different.

Matt schrieb

For the openPGP key I would have though the open PGP manager and signing would be the way you had to go.

Yeah, thats the way. I only tried a combination to find out how thunderbird behaves.

more options

Hi christ1,

christ1 schrieb

Is there anything related in the Error Console (Ctrl+Shift+J) when you attempt to sign a message?

When I choose OpenPGP as encryption technology for the signed e-mail (only signed, no encryption) I got no error message and the e-mail is sent digital signed. For more details, see the appendix.

When I choose S/MIME as encryption technology for the signed e-mail (only signed, no encryption) I got no logs in the Error Console :/ I just get the message: "Failed to send the message. You chose to digitally sign this message, but the application could not find the signature certificate you specified in your account settings, or the certificate has expired."

more options
"... You chose to digitally sign this message, but the application could not find the signature certificate you specified in your account settings, or the certificate has expired."

For signing a message you do need the private key. So either something is missing, or there's a problem with your cert. Without further details this is anyone's guess. I wouldn't be surprised if it's related to:

I created this certificate with openssl.

When importing the cert into the Thunderbird certificate store, did you import it as a personal cert underneath the 'Your Certificates' tab?

Modified by christ1

more options

Suluhisho teule

Now I got it :)

When importing the cert into the Thunderbird certificate store, did you import it as a personal cert underneath the 'Your Certificates' tab?

Nope, that was not the problem. My problem was this: I created a certificate and imported it. The problem was, nowhere was it written who issued me the certificate. I had to create a CA certificate first, and then use it to sign my own certificate. So that Thunderbird can handle it, I not only have to import my signed certificate, but also add my self-created CA certificate to the list of trusted CAs :)