Trang web này sẽ có chức năng hạn chế trong khi chúng tôi trải qua bảo trì để cải thiện trải nghiệm của bạn. Nếu một bài viết không giải quyết được vấn đề của bạn và bạn muốn đặt câu hỏi, chúng tôi có cộng đồng hỗ trợ của chúng tôi đang chờ để giúp bạn tại @FirefoxSupport trên Twitter và /r/firefox trên Reddit.

Tìm kiếm hỗ trợ

Tránh các lừa đảo về hỗ trợ. Chúng tôi sẽ không bao giờ yêu cầu bạn gọi hoặc nhắn tin đến số điện thoại hoặc chia sẻ thông tin cá nhân. Vui lòng báo cáo hoạt động đáng ngờ bằng cách sử dụng tùy chọn "Báo cáo lạm dụng".

Tìm hiểu thêm

I've picked certificates from my cert card which Thunderbird can see but it can't actually decrypt or sign with them. (Encrypt works)

  • 2 trả lời
  • 1 gặp vấn đề này
  • 2 lượt xem
  • Trả lời mới nhất được viết bởi Matt

more options

Thunderbird 31.3.0 Win7 Enterprise, SP1 (all patches, corporate maintained) ActivClient x64 - 7.0.2.403

I just got a new machine from corporate. The old one had ActivClient 6.2.0.133 and I had it working there. With my cert card inserted, TB can see the certs on the card. It lists them in the "Your Certificates" tab in the cert manager. And in the account settings, security section it lets me pick certs for digital signing and encryption. But when I try to use them to sign or decrypt an email it doesn't work. It does let me encrypt an email which others can read. I've checked about:config and it matches what I picked in account settings.

When I try to decrypt it gives me the boilerplate: " Thunderbird cannot decrypt this message

The sender encrypted this message to you using one of your digital certificates, however Thunderbird was not able to find this certificate and corresponding private key. Possible solutions:

   If you have a smartcard, please insert it now.
   If you are using a new machine, or if you are using a new Thunderbird profile, you will need to restore your certificate and private key from a backup. Certificate backups usually end in ".p12"."

If I try to sign it says "Sending of message failed. Unable to sign message. Please check that the certificates specified in Mail & Newsgroups Account Settings for this mail account are valid and trusted for mail." TB only lets me pick the cert named "Digital Signature" for use in the first place! And the cert's properties according to TB are "This certificate has been verified for the following uses: SSL Client Certificate, Email Signer Certificate". So TB knows it is good for signing. I'm out of things to try at this point.

Thanks for the help.

Thunderbird 31.3.0 Win7 Enterprise, SP1 (all patches, corporate maintained) ActivClient x64 - 7.0.2.403 I just got a new machine from corporate. The old one had ActivClient 6.2.0.133 and I had it working there. With my cert card inserted, TB can see the certs on the card. It lists them in the "Your Certificates" tab in the cert manager. And in the account settings, security section it lets me pick certs for digital signing and encryption. But when I try to use them to sign or decrypt an email it doesn't work. It does let me encrypt an email which others can read. I've checked about:config and it matches what I picked in account settings. When I try to decrypt it gives me the boilerplate: " Thunderbird cannot decrypt this message The sender encrypted this message to you using one of your digital certificates, however Thunderbird was not able to find this certificate and corresponding private key. Possible solutions: If you have a smartcard, please insert it now. If you are using a new machine, or if you are using a new Thunderbird profile, you will need to restore your certificate and private key from a backup. Certificate backups usually end in ".p12"." If I try to sign it says "Sending of message failed. Unable to sign message. Please check that the certificates specified in Mail & Newsgroups Account Settings for this mail account are valid and trusted for mail." TB only lets me pick the cert named "Digital Signature" for use in the first place! And the cert's properties according to TB are "This certificate has been verified for the following uses: SSL Client Certificate, Email Signer Certificate". So TB knows it is good for signing. I'm out of things to try at this point. Thanks for the help.

Tất cả các câu trả lời (2)

more options

I've found a bit more information. When I'm trying to sign an email and check the cert info from the compose message window->security->view the cert that TB is trying to use, it is using the wrong cert and not the one I selected! No wonder it doesn't work! It is using a cert only specified for "Email Recipient Certificate" instead of the one I selected in account settings that is for "Signing, Non-repudiation" according to account settings and "SSL Client Certificate" + "Email Signer Certificate" according to the certificate manager.

This pretty clearly seems like a bug. I've never submitted a bug to TB before. Can I get some help doing that? I'm not a SW developer of any kind. This is completely breaking my ability to use TB. Half of my email traffic is encrypted.

more options

Nevermind on the last part. TB is telling me what certificate of the recipient it is using, not the certificate of mine it is using to encrypt or sign. I confused the issue because I was trying to send test messages to myself.