Mozilla 도움말 검색

고객 지원 사기를 피하세요. 저희는 여러분께 절대로 전화를 걸거나 문자를 보내거나 개인 정보를 공유하도록 요청하지 않습니다. "악용 사례 신고"옵션을 사용하여 의심스러운 활동을 신고해 주세요.

자세히 살펴보기

Signing emails with S/MIME cert fails, I cant undertand why

  • 6 답장
  • 0 이 문제를 만남
  • 2 보기
  • 최종 답변자: Dain_547647

more options

Hello,

Ive installed a MIME-certificate from Sectigo in Thunderbird 115.6.1 on Pop OS (flatpak).

The cert is in a pw-protected .p12-file which I have imported successfully. However when I try to sign emails I get the error-message shown in the first attached image. That the application cant find my cert or that it has expired. Both statements are incorrect imo :)

In attached image 2 and 3 it shows that the application has imported the cert and that its valid until 2025.

Any tips or input is helpful.

Also under Security Devices I have a PKCS#11 module that I have logged in to, but I dont see how that could affect PKCS#12 certs but I read in some guide that I had to do that. Which also apparently mean that master password is set for protecting credentials in the application, so I have to provide that password when opening Tunderbird.

Hello, Ive installed a MIME-certificate from Sectigo in Thunderbird 115.6.1 on Pop OS (flatpak). The cert is in a pw-protected .p12-file which I have imported successfully. However when I try to sign emails I get the error-message shown in the first attached image. That the application cant find my cert or that it has expired. Both statements are incorrect imo :) In attached image 2 and 3 it shows that the application has imported the cert and that its valid until 2025. Any tips or input is helpful. Also under Security Devices I have a PKCS#11 module that I have logged in to, but I dont see how that could affect PKCS#12 certs but I read in some guide that I had to do that. Which also apparently mean that master password is set for protecting credentials in the application, so I have to provide that password when opening Tunderbird.
첨부된 스크린샷

선택된 해결법

So the problem turned out to be how I created the certificate out of the files the CA provided. For Thunderbird I had to include the certificate chain file when creating the pfx.

Like this: openssl pkcs12 -export -in myname_public.crt -inkey myname_private.key -certfile public_chain.crt -out my_SMIME_cert.p12

So now it works!

문맥에 따라 이 답변을 읽어주세요 👍 0

모든 댓글 (6)

more options

Also, when viewing the certificate in Thunderbird its uses seem to support what I want to use it for, so I dont see that the certificate itself is the problem here. Right?

more options

Try restating the certificate in the settings. Over the years I have had occasions when similar error have occurred and when I restate the certificate in account settings the line with the certificate to use comes back with what looks like a serial number after the certificate name and everything works again.

more options

I restated the cert and then I get the serial after the name, as you said.

Unfortunately it did not help. The error msg when sending signed e-mails is still the same.

I also installed the .deb variant of Thunderbird in Pop OS, instead of the flatpak variant, and tried that one, but same error. So doesnt have to do with the variant of the application.

글쓴이 Dain_547647 수정일시

more options

Further investigation...

I set up a virtual machine with Windows 10 and MS Outlook (O365) and the same certificate works like a charm. Signing e-mails no problem.

Installed the Windows-version of Thunderbird on the same Windows VM and there I get the same error msg as above.

So MS Outlook 1, Thunderbird 0 I guess... :/

more options

Perhaps try asking in the encryption list. https://thunderbird.topicbox.com/groups/e2ee

That is where the experts on mail encryption and some of the developers can be found.

more options

선택된 해결법

So the problem turned out to be how I created the certificate out of the files the CA provided. For Thunderbird I had to include the certificate chain file when creating the pfx.

Like this: openssl pkcs12 -export -in myname_public.crt -inkey myname_private.key -certfile public_chain.crt -out my_SMIME_cert.p12

So now it works!