为提升您的使用体验,本站正在维护,部分功能暂时无法使用。如果本站文章无法解决您的问题,您想要向社区提问的话,请到 Twitter 上的 @FirefoxSupport 或 Reddit 上的 /r/firefox 提问,我们的支持社区将会很快回复您的疑问。

搜索 | 用户支持

防范以用户支持为名的诈骗。我们绝对不会要求您拨打电话或发送短信,及提供任何个人信息。请使用“举报滥用”选项报告涉及违规的行为。

详细了解

Does not use macos certificate store for recipient public cert

  • 8 个回答
  • 2 人有此问题
  • 3 次查看
  • 最后回复者为 kramaric

more options

I have imported a vCard with a public certificate attaced. The person is now in the macos address book, and has a checkmark to the left of the email. This is clickable and shows a valid certificate.

Thunderbird however does not see this certificate, and I am therefore unable to send an signed and encrypted email to this recipient.

If I try to import the certificate into Thunderbirds certificate store through preferences / advanced / certificates / manage certificates / people / import

I have imported a vCard with a public certificate attaced. The person is now in the macos address book, and has a checkmark to the left of the email. This is clickable and shows a valid certificate. Thunderbird however does not see this certificate, and I am therefore unable to send an signed and encrypted email to this recipient. If I try to import the certificate into Thunderbirds certificate store through preferences / advanced / certificates / manage certificates / people / import
已附加屏幕截图

由kramaric于修改

被采纳的解决方案

Hi Chris,

I found a solution.

After adding both my certificate and the recipient to the Firefox cert store, I was able to add them to Thunderbird. Don't understand why this was necessary at all.

Happy Easter.

定位到答案原位置 👍 0

所有回复 (8)

more options

There's not much to tell without any more details about the cert.

I am therefore unable to send an signed and encrypted email to this recipient.

You don't need the recipients cert in order to send signed messages.

more options

Hi Chris,

Thanks for trying.

What would you like to know about the cert?

You are right that the recipients public cert is not necessary, but that is not what I am asking for. I need the ability to send it both signed and encrypted.

I can provide the following information if that will help. In Denmark we have a government controlled certificate authority, which can supply any citizen and company entity with a digital certificate to identify them. If one has the need, you can also add an email to the cert, so that encryption is possible as well.

I acces the cert store on the following page, where I search by recipient email:

https://service.nemid.nu/dk-da/support/soeg_certifikat/

In the field "E-mail-adresse" I enter: JJM@JJM-ADV.DK This yields two results. The one I need to send to is the second one:

  Jacqueline Mwenesani
  JJM@JJM-ADV.DK
  JJM Advokatfirma // CVR:37170747

The vCard download will add their public cert along with contact details into the Contacts app. Thunderbird does see the contact detail, but does not appear to access the cert. I then tried to download the cert using "Hent certifikat" and import it straight into Thunderbird. This fails.

This is where I am stuck. I don't what to try next.

more options

Assuming you do have the cert in .pem format. You could put that into an online certificate decoder, and see whether it's readable there. https://www.sslchecker.com/certdecoder

What would you like to know about the cert?

Basically all the cert details, ideally the cert itself.

more options

I gave you the instruction on how to fetch the cert. Let me know if there's another way of getting it to you.

I don't have the cert i pem format.

more options

The cert only has a MD5 and SHA-1 hash. Both hash types are outdated, and are not supported anymore, neither by Firefox nor Thunderbird. https://blog.mozilla.org/security/2014/09/23/phasing-out-certificates-with-sha-1-based-signature-algorithms/ As the cert has only been issued in Feb 2018, this whole government controlled certificate authority looks ridiculous to me.

由christ1于修改

more options

I find your statement odd. Why would the cert state that the signature algorithm is: SHA-256 with RSA Encryption ( 1.2.840.113549.1.1.11 ) on my mac's keychain?

more options

I was using the certificate decoder linked above. It did show a SHA-1 and MD5 hash. Using the openssl command it did show 'sha256WithRSAEncryption'.

> openssl x509 -in JacquelineMwenesani.cer -text -noout
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1467516816 (0x57788790)
    Signature Algorithm: sha256WithRSAEncryption

So the hash thing was a false alarm.

Can you check the error console after trying to import the cert? Press Ctrl-Shift-J

You may still need to import the CA cert first and any intermediate certs in case they exist.

more options

选择的解决方案

Hi Chris,

I found a solution.

After adding both my certificate and the recipient to the Firefox cert store, I was able to add them to Thunderbird. Don't understand why this was necessary at all.

Happy Easter.