Join the AMA (Ask Me Anything) with the Firefox leadership team to celebrate Firefox 20th anniversary and discuss Firefox’s future on Mozilla Connect. Mark your calendar on Thursday, November 14, 18:00 - 20:00 UTC!

為了改善您的使用體驗,本網站正在進行維護,部分功能暫時無法使用。若本站的文件無法解決您的問題,想要向社群發問的話,請到 Twitter 上的 @FirefoxSupport 或 Reddit 上的 /r/firefox 發問,我們的社群成員將很快會回覆您的疑問。

搜尋 Mozilla 技術支援網站

防止技術支援詐騙。我們絕對不會要求您撥打電話或發送簡訊,或是提供個人資訊。請用「回報濫用」功能回報可疑的行為。

了解更多

Sending signed messages using smart card does not work with OpenSC on macOS

  • 2 回覆
  • 1 有這個問題
  • 1 次檢視
  • 最近回覆由 tamersaadeh

more options

Using a smart card to digitally sign emails does not work. I am able to add it to my list of certificates for my email but I keep getting the following error:

Sending of the message failed. You specified that this message should be digitally signed, but the application either failed to find the signing certificate specified in your Mail & Newsgroup Account Settings, or the certificate has expired.

The certificate is has not expired and the root CA is Actalis which is trusted by Thunderbird (issuer is different though). In any case the certificate is recognised as valid when importing it. I know that the library works in Firefox for client authentication and tested signing PDFs with the smart card with the same OpenSC library.

I am not sure where to look for further logs to try to understand better the issue and solve it. Any help is much appreciated as I would rather use my smart card to sign my emails rather than the free comodo certificate as at least here in Italy the smart card has legal value (it is linked to my identity).

Using a smart card to digitally sign emails does not work. I am able to add it to my list of certificates for my email but I keep getting the following error: Sending of the message failed. You specified that this message should be digitally signed, but the application either failed to find the signing certificate specified in your Mail & Newsgroup Account Settings, or the certificate has expired. The certificate is has not expired and the root CA is Actalis which is trusted by Thunderbird (issuer is different though). In any case the certificate is recognised as valid when importing it. I know that the library works in Firefox for client authentication and tested signing PDFs with the smart card with the same OpenSC library. I am not sure where to look for further logs to try to understand better the issue and solve it. Any help is much appreciated as I would rather use my smart card to sign my emails rather than the free comodo certificate as at least here in Italy the smart card has legal value (it is linked to my identity).

由 tamersaadeh 於 修改

被選擇的解決方法

The certificate is has not expired and the root CA is Actalis which is trusted by Thunderbird (issuer is different though).

When your personal cert has been issued by an intermediate CA, you'll also need to import the cert of that intermediate CA into Thunderbird. Thunderbird needs to know the entire certificate chain up to the root CA.

In any case the certificate is recognised as valid when importing it.

Along with the cert, did you also import the private key? The private key is needed for signing messages.

從原來的回覆中察看解決方案 👍 1

所有回覆 (2)

more options

選擇的解決方法

The certificate is has not expired and the root CA is Actalis which is trusted by Thunderbird (issuer is different though).

When your personal cert has been issued by an intermediate CA, you'll also need to import the cert of that intermediate CA into Thunderbird. Thunderbird needs to know the entire certificate chain up to the root CA.

In any case the certificate is recognised as valid when importing it.

Along with the cert, did you also import the private key? The private key is needed for signing messages.

由 christ1 於 修改

more options

Thank you very much! The error message is really confusing, I think it is better if in the help articles this is mentioned clearly (and in the error message as I wasn't sure what problem it could have been).