Join the AMA (Ask Me Anything) with the Firefox leadership team to celebrate Firefox 20th anniversary and discuss Firefox’s future on Mozilla Connect. Mark your calendar on Thursday, November 14, 18:00 - 20:00 UTC!

This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Should Thunderbird allow encrypting of S/MIME email using an ECC certificate? I can successfully sign and receive signed messages that use an ECC certificate, b

  • 4 replies
  • 1 has this problem
  • 1 view
  • Last reply by Matt

more options

I can successfully sign and receive signed messages that use an ECC certificate, but attempts to use the same certificate for encryption get a pop-up window (during save or attempting to send) with

   Unable to save your message as a draft. [Sending of the message failed.]
   Unable to encrypt message. Please check that you have a valid email
   certificate for each recipient. Please check that the certificates
   specified in Mail & Newsgroups Account Settings for this mail
   account are valid and trusted for mail
I can successfully sign and receive signed messages that use an ECC certificate, but attempts to use the same certificate for encryption get a pop-up window (during save or attempting to send) with Unable to save your message as a draft. [Sending of the message failed.] Unable to encrypt message. Please check that you have a valid email certificate for each recipient. Please check that the certificates specified in Mail & Newsgroups Account Settings for this mail account are valid and trusted for mail

All Replies (4)

more options

just curious. Did this start after an update or after you added the certificate. I have found that with all my digital signing certificates I have had to remove them from the account settings and add them again. At which point the certificate serial number was shown beside the email address for the certificate.

This might work for you.

more options

thank you Mr.Matt for reply..To understand my issues I will describe every steps that I did. first I installed last version of Thunderbird(68)then I created two email accounts on gmail .then I used openssl to create my own self sign certificate authority with elliptic curve key (curve name "prim 256v1")finally I create two smime certificate also with ecc (curve name "prim 256v1") the sign is work normally but the encryption is not work. - I did same steps but with RSA and every things work normally (signing and encrypt). I think Thunderbird not support all elliptic curves .I will try to use different elliptic curve.

more options

Is there anything cert related in the error console (Ctrl-Shift-J)?

more options

I suggest you go here. https://www.actalis.it/products/certificates-for-secure-electronic-mail.aspx

Get one of their s/mime SSL certificates and see if they work better than your self signed ones. Fundamentally s/mime operates on a certificate system that probably does not support self signed certificates, unless you are running your own revocation server.