Vorsicht vor Support-Betrug: Wir fordern Sie niemals auf, eine Telefonnummer anzurufen, eine SMS an eine Telefonnummer zu senden oder persönliche Daten preiszugeben. Bitte melden Sie verdächtige Aktivitäten über die Funktion „Missbrauch melden“.

Weitere Informationen
Offen

S/MIME encryption cannot find recipient's address despite valid cert in CertMgr/certutil

Thunderbird Verschlüsselung
stefan.reichel
stefan.reichel

Hi,

I have successfully added my personal certificate in my account's E2EE and I can ever since digitally sign messages. Yay! After importing a multiple valid certificates for recipients, I tried to send encrypted emails to some of these (one recipient per email draft). All of them highlight the recipient's address in yellow with a yellow status bar: "End-to-end encryption requires resolving certificate issues for [recipient address]"

Clicking on the button "S/MIME" -> "View Certificates Of Recipients", a window comes up showing the address with the status "Not found". When I open "Settings -> Privacy & Security -> Certificate Manager", I see the certificates present with valid dates. Using certutil to investigate cert9.db in Thunderbird's profile folder, I also see the certificates being in there, but what struck me was the trust status: [...] Fingerprint (SHA-256): 

       7B:DF:9F:28:F2:B4:42:5E:37:06:EE:B8:D6:22:0C:70:12:05:F8:33:26:10:5A:1C:03:21:65:2A:C0:C3:3F:5E
   Fingerprint (SHA1):
       56:43:79:93:41:E0:8B:16:0A:FC:64:3E:74:B6:6F:F8:4E:67:93:D4

   Mozilla-CA-Policy: false (attribute missing)
   Certificate Trust Flags:
       SSL Flags:
       Email Flags:
       Object Signing Flags:

I changed the Trust flags (first for emails, then for SSL email) by running certutil -M -n <recipient's email addresss> -t ",P," -d <certdir>

This lead to 

Fingerprint (SHA-256):
       7B:DF:9F:28:F2:B4:42:5E:37:06:EE:B8:D6:22:0C:70:12:05:F8:33:26:10:5A:1C:03:21:65:2A:C0:C3:3F:5E
   Fingerprint (SHA1):
       56:43:79:93:41:E0:8B:16:0A:FC:64:3E:74:B6:6F:F8:4E:67:93:D4

   Mozilla-CA-Policy: false (attribute missing)
   Certificate Trust Flags:
       SSL Flags:
       Email Flags:
           Terminal Record
           Trusted
       Object Signing Flags:

Whils I am not sure if this makes any difference to my beforementioned problem, I realize "Mozilla-CA-Policy: false (attribute missing)". How can I address this missing attribute and what can I do to get my emails encrypted, please?

Hi, I have successfully added my personal certificate in my account's E2EE and I can ever since digitally sign messages. Yay! After importing a multiple valid certificates for recipients, I tried to send encrypted emails to some of these (one recipient per email draft). All of them highlight the recipient's address in yellow with a yellow status bar: "End-to-end encryption requires resolving certificate issues for [recipient address]" Clicking on the button "S/MIME" -> "View Certificates Of Recipients", a window comes up showing the address with the status "Not found". When I open "Settings -> Privacy & Security -> Certificate Manager", I see the certificates present with valid dates. Using certutil to investigate cert9.db in Thunderbird's profile folder, I also see the certificates being in there, but what struck me was the trust status: <code> [...] Fingerprint (SHA-256): 7B:DF:9F:28:F2:B4:42:5E:37:06:EE:B8:D6:22:0C:70:12:05:F8:33:26:10:5A:1C:03:21:65:2A:C0:C3:3F:5E Fingerprint (SHA1): 56:43:79:93:41:E0:8B:16:0A:FC:64:3E:74:B6:6F:F8:4E:67:93:D4 Mozilla-CA-Policy: false (attribute missing) Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: </code> I changed the Trust flags (first for emails, then for SSL email) by running <code> certutil -M -n <recipient's email addresss> -t ",P," -d <certdir> </code> This lead to <code> Fingerprint (SHA-256): 7B:DF:9F:28:F2:B4:42:5E:37:06:EE:B8:D6:22:0C:70:12:05:F8:33:26:10:5A:1C:03:21:65:2A:C0:C3:3F:5E Fingerprint (SHA1): 56:43:79:93:41:E0:8B:16:0A:FC:64:3E:74:B6:6F:F8:4E:67:93:D4 Mozilla-CA-Policy: false (attribute missing) Certificate Trust Flags: SSL Flags: Email Flags: Terminal Record Trusted Object Signing Flags: </code> Whils I am not sure if this makes any difference to my beforementioned problem, I realize "''Mozilla-CA-Policy: false (attribute missing)''". How can I address this missing attribute and what can I do to get my emails encrypted, please?

Sie müssen sich mit Ihrem Benutzerkonto anmelden, um auf Beiträge zu antworten. Bitte stellen Sie eine neue Frage, wenn Sie noch kein Benutzerkonto haben.