Also, when viewing the certificate in Thunderbird its uses seem to support what I want to use it for, so I dont see that the certificate itself is the problem here. Right?

Try restating the certificate in the settings. Over the years I have had occasions when similar error have occurred and when I restate the certificate in account settings the line with the certificate to use comes back with what looks like a serial number after the certificate name and everything works again.

I restated the cert and then I get the serial after the name, as you said.

Unfortunately it did not help. The error msg when sending signed e-mails is still the same.

I also installed the .deb variant of Thunderbird in Pop OS, instead of the flatpak variant, and tried that one, but same error. So doesnt have to do with the variant of the application.

Further investigation...

I set up a virtual machine with Windows 10 and MS Outlook (O365) and the same certificate works like a charm. Signing e-mails no problem.

Installed the Windows-version of Thunderbird on the same Windows VM and there I get the same error msg as above.

So MS Outlook 1, Thunderbird 0 I guess... :/

Perhaps try asking in the encryption list. https://thunderbird.topicbox.com/groups/e2ee

That is where the experts on mail encryption and some of the developers can be found.

So the problem turned out to be how I created the certificate out of the files the CA provided. For Thunderbird I had to include the certificate chain file when creating the pfx.

Like this: openssl pkcs12 -export -in myname_public.crt -inkey myname_private.key -certfile public_chain.crt -out my_SMIME_cert.p12

So now it works!