Avatar for Username

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

This thread was archived. Please ask a new question if you need help.

Sending signed messages using smart card does not work with OpenSC on macOS

  • 2 replies
  • 1 has this problem
  • 96 views
  • Last reply by tamersaadeh

tamersaadeh
tamersaadeh
more options

Using a smart card to digitally sign emails does not work. I am able to add it to my list of certificates for my email but I keep getting the following error:

Sending of the message failed. You specified that this message should be digitally signed, but the application either failed to find the signing certificate specified in your Mail & Newsgroup Account Settings, or the certificate has expired.

The certificate is has not expired and the root CA is Actalis which is trusted by Thunderbird (issuer is different though). In any case the certificate is recognised as valid when importing it. I know that the library works in Firefox for client authentication and tested signing PDFs with the smart card with the same OpenSC library.

I am not sure where to look for further logs to try to understand better the issue and solve it. Any help is much appreciated as I would rather use my smart card to sign my emails rather than the free comodo certificate as at least here in Italy the smart card has legal value (it is linked to my identity).

Using a smart card to digitally sign emails does not work. I am able to add it to my list of certificates for my email but I keep getting the following error: Sending of the message failed. You specified that this message should be digitally signed, but the application either failed to find the signing certificate specified in your Mail & Newsgroup Account Settings, or the certificate has expired. The certificate is has not expired and the root CA is Actalis which is trusted by Thunderbird (issuer is different though). In any case the certificate is recognised as valid when importing it. I know that the library works in Firefox for client authentication and tested signing PDFs with the smart card with the same OpenSC library. I am not sure where to look for further logs to try to understand better the issue and solve it. Any help is much appreciated as I would rather use my smart card to sign my emails rather than the free comodo certificate as at least here in Italy the smart card has legal value (it is linked to my identity).

Modified by tamersaadeh

Chosen solution

The certificate is has not expired and the root CA is Actalis which is trusted by Thunderbird (issuer is different though).

When your personal cert has been issued by an intermediate CA, you'll also need to import the cert of that intermediate CA into Thunderbird. Thunderbird needs to know the entire certificate chain up to the root CA.

In any case the certificate is recognised as valid when importing it.

Along with the cert, did you also import the private key? The private key is needed for signing messages.

Read this answer in context 👍 1

All Replies (2)

christ1
christ1
  • Top 25 Contributor
more options

Chosen Solution

The certificate is has not expired and the root CA is Actalis which is trusted by Thunderbird (issuer is different though).

When your personal cert has been issued by an intermediate CA, you'll also need to import the cert of that intermediate CA into Thunderbird. Thunderbird needs to know the entire certificate chain up to the root CA.

In any case the certificate is recognised as valid when importing it.

Along with the cert, did you also import the private key? The private key is needed for signing messages.

Modified by christ1

tamersaadeh
tamersaadeh Question owner
more options

Thank you very much! The error message is really confusing, I think it is better if in the help articles this is mentioned clearly (and in the error message as I wasn't sure what problem it could have been).