Cannot Send Signed Email via CAC Card

  • 8 replies
  • 1 has this problem
  • 1 view
  • Last reply by cpdjh02

more options

I think I’ve followed all the steps to get Thunderbird signing and encrypting emails using my CAC.

I set up my CAC card reader as a security device and was able to select one of my CAC certificates as the certificate used to sign emails and one to use for encrypting emails. I’m able to successfully read encrypted emails and I can send encrypted emails to folks but I can’t send a signed email. When I try to do so I first get prompted for my CAC PIN and then the following error is presented: “Sending of the message failed. Unable to sign message. Please check that the certificates specified in Mail & Newsgroups Account Settings for this mail account are valid and trusted for mail.”

I have all the DOD Certificate Authorities installed and I can see them all in the certificate manager. I set all of the DOD Email CA-## certificate trust settings to have the “This certificate can identify mail users” option checked. I also did the same for the DOD Root Certs.

I’m using Thunderbird 52.6.0 (32-bit) on Windows 7.

Can anyone help me with what I’m doing wrong?


All replies (8)

more options

Are you certain the corresponding private key for the signing cert is on that card?

more options

Yeah, I'm certain. I use the same card to sign emails with outlook and it works.

more options

Did this ever work with Thunderbird before?

Do you need to enable FIPS for your CAC card reader security device? Doesn't the DOD have any instructions or manuals on how to set this up properly in Thunderbird?

Since Thunderbird for Windows is 32-bit only, make sure there is no 32-bit / 64-bit mismatch. See https://support.mozilla.org/en-US/questions/752709

Modified by christ1

more options

Thanks for working with me on this christ1. I'm new to Thunderbird and haven't gotten this to work before. I tried going to my security devices and enabling FIPS mode but I still get the same error. "Sending of the message failed. Unable to sign message. Please check that the certificates specified in Mail & Newsgroups Account Settings for this mail account are valid and trusted for mail"

Since I can send encrypted emails it seems that certs can be pulled from my CAC ok, but I'm not sure why the cert it pulls off for signing is not recognized as trusted.

more options
more options

I am using the 32 bit version of the .dll. The module loads fine for me and I can use the certs on the CAC card to encrypt email so I don't think that is the issue.

more options
“Since I can send encrypted emails it seems that certs can be pulled from my CAC ok but I'm not sure why the cert it pulls off for signing is not recognized as trusted”

Encrypting doesn't require access to the private key. Signing does. So I can only guess that there is still some sort of PIN or passphrase required to unlock the private key. Using different certs for encryption and signing sounds odd to me, but this may be intentional.

more options

My CAC has 3 certs on it, and when I'm selecting the certificates in the Security settings I'm not getting to choose the cert. It only gives me one cert to choose from for Digital Signing and it only gives me one choice for Encryption, and the certs it chooses are different. I'm guessing it uses the 'Certificate Key Usage' certificate field to determine which one to use.

When I try to send a signed email I am getting prompted for the CAC's PIN, if that helps any.
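
The last post guesses that the signing and encryption certificates are told apart by the Key Usage field. As an added example (not code from this thread or from Thunderbird), the Python below decodes a KeyUsage extension value as defined in RFC 5280, section 4.2.1.3, and maps the bits to the S/MIME roles they conventionally permit. The function names are hypothetical and the sample byte strings are constructed, not read from a CAC.

```python
# Added example: decode an X.509 KeyUsage value (DER BIT STRING) and
# report which S/MIME roles the certificate's key is allowed to perform.

# Bit names in the order RFC 5280 assigns them (bit 0 first).
KEY_USAGE_BITS = [
    "digitalSignature", "nonRepudiation", "keyEncipherment",
    "dataEncipherment", "keyAgreement", "keyCertSign",
    "cRLSign", "encipherOnly", "decipherOnly",
]

def decode_key_usage(der: bytes) -> set:
    """Decode a DER BIT STRING holding KeyUsage into a set of bit names."""
    if len(der) < 4 or der[0] != 0x03:
        raise ValueError("not a DER BIT STRING with content")
    length = der[1]
    if length & 0x80 or length != len(der) - 2:
        raise ValueError("unexpected length encoding")
    unused, payload = der[2], der[3:]
    if unused > 7:
        raise ValueError("invalid unused-bit count")
    total_bits = len(payload) * 8 - unused
    names = set()
    for i in range(min(total_bits, len(KEY_USAGE_BITS))):
        # Bit 0 is the most significant bit of the first payload byte.
        if payload[i // 8] & (0x80 >> (i % 8)):
            names.add(KEY_USAGE_BITS[i])
    return names

def smime_roles(usages: set) -> set:
    """Map key-usage bits to the mail roles they conventionally allow."""
    roles = set()
    if usages & {"digitalSignature", "nonRepudiation"}:
        roles.add("sign")      # needs the private key on the card
    if usages & {"keyEncipherment", "keyAgreement"}:
        roles.add("encrypt")   # senders only need the public certificate
    return roles

# Constructed sample values (assumption), not taken from a real card.
SAMPLES = {
    "signing-style cert": bytes.fromhex("030206c0"),
    "encryption-style cert": bytes.fromhex("03020520"),
}

if __name__ == "__main__":
    for label, der in SAMPLES.items():
        usages = decode_key_usage(der)
        print(label, sorted(usages), sorted(smime_roles(usages)))
```

A certificate whose Key Usage lacks both signature bits would be offered only for encryption, which matches a client showing a single candidate per role.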