Trang web này sẽ có chức năng hạn chế trong khi chúng tôi trải qua bảo trì để cải thiện trải nghiệm của bạn. Nếu một bài viết không giải quyết được vấn đề của bạn và bạn muốn đặt câu hỏi, chúng tôi có cộng đồng hỗ trợ của chúng tôi đang chờ để giúp bạn tại @FirefoxSupport trên Twitter và /r/firefox trên Reddit.

Tìm kiếm hỗ trợ

Tránh các lừa đảo về hỗ trợ. Chúng tôi sẽ không bao giờ yêu cầu bạn gọi hoặc nhắn tin đến số điện thoại hoặc chia sẻ thông tin cá nhân. Vui lòng báo cáo hoạt động đáng ngờ bằng cách sử dụng tùy chọn "Báo cáo lạm dụng".

Tìm hiểu thêm

Does not use macos certificate store for recipient public cert

  • 8 trả lời
  • 2 gặp vấn đề này
  • 3 lượt xem
  • Trả lời mới nhất được viết bởi kramaric

more options

I have imported a vCard with a public certificate attaced. The person is now in the macos address book, and has a checkmark to the left of the email. This is clickable and shows a valid certificate.

Thunderbird however does not see this certificate, and I am therefore unable to send an signed and encrypted email to this recipient.

If I try to import the certificate into Thunderbirds certificate store through preferences / advanced / certificates / manage certificates / people / import

I have imported a vCard with a public certificate attaced. The person is now in the macos address book, and has a checkmark to the left of the email. This is clickable and shows a valid certificate. Thunderbird however does not see this certificate, and I am therefore unable to send an signed and encrypted email to this recipient. If I try to import the certificate into Thunderbirds certificate store through preferences / advanced / certificates / manage certificates / people / import
Đính kèm ảnh chụp màn hình

Được chỉnh sửa bởi kramaric vào

Giải pháp được chọn

Hi Chris,

I found a solution.

After adding both my certificate and the recipient to the Firefox cert store, I was able to add them to Thunderbird. Don't understand why this was necessary at all.

Happy Easter.

Đọc câu trả lời này trong ngữ cảnh 👍 0

Tất cả các câu trả lời (8)

more options

There's not much to tell without any more details about the cert.

I am therefore unable to send an signed and encrypted email to this recipient.

You don't need the recipients cert in order to send signed messages.

more options

Hi Chris,

Thanks for trying.

What would you like to know about the cert?

You are right that the recipients public cert is not necessary, but that is not what I am asking for. I need the ability to send it both signed and encrypted.

I can provide the following information if that will help. In Denmark we have a government controlled certificate authority, which can supply any citizen and company entity with a digital certificate to identify them. If one has the need, you can also add an email to the cert, so that encryption is possible as well.

I acces the cert store on the following page, where I search by recipient email:

https://service.nemid.nu/dk-da/support/soeg_certifikat/

In the field "E-mail-adresse" I enter: JJM@JJM-ADV.DK This yields two results. The one I need to send to is the second one:

  Jacqueline Mwenesani
  JJM@JJM-ADV.DK
  JJM Advokatfirma // CVR:37170747

The vCard download will add their public cert along with contact details into the Contacts app. Thunderbird does see the contact detail, but does not appear to access the cert. I then tried to download the cert using "Hent certifikat" and import it straight into Thunderbird. This fails.

This is where I am stuck. I don't what to try next.

more options

Assuming you do have the cert in .pem format. You could put that into an online certificate decoder, and see whether it's readable there. https://www.sslchecker.com/certdecoder

What would you like to know about the cert?

Basically all the cert details, ideally the cert itself.

more options

I gave you the instruction on how to fetch the cert. Let me know if there's another way of getting it to you.

I don't have the cert i pem format.

more options

The cert only has a MD5 and SHA-1 hash. Both hash types are outdated, and are not supported anymore, neither by Firefox nor Thunderbird. https://blog.mozilla.org/security/2014/09/23/phasing-out-certificates-with-sha-1-based-signature-algorithms/ As the cert has only been issued in Feb 2018, this whole government controlled certificate authority looks ridiculous to me.

Được chỉnh sửa bởi christ1 vào

more options

I find your statement odd. Why would the cert state that the signature algorithm is: SHA-256 with RSA Encryption ( 1.2.840.113549.1.1.11 ) on my mac's keychain?

more options

I was using the certificate decoder linked above. It did show a SHA-1 and MD5 hash. Using the openssl command it did show 'sha256WithRSAEncryption'.

> openssl x509 -in JacquelineMwenesani.cer -text -noout
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1467516816 (0x57788790)
    Signature Algorithm: sha256WithRSAEncryption

So the hash thing was a false alarm.

Can you check the error console after trying to import the cert? Press Ctrl-Shift-J

You may still need to import the CA cert first and any intermediate certs in case they exist.

more options

Giải pháp được chọn

Hi Chris,

I found a solution.

After adding both my certificate and the recipient to the Firefox cert store, I was able to add them to Thunderbird. Don't understand why this was necessary at all.

Happy Easter.