TB wants to use my smartcard certificate from another mail account
I use TB 78.6 and there is a company mail account as well as a private mail account. For the company account, I installed a PKS#11 cryptography module from the smart card software which enables me to use the certificate saved on the smart card. That works as it should. However, when I connect to the private Mail account (Yahoo, OAuth2) via SSL, TB keeps asking me each time that imap.mail.yahoo.com:993 requires me to use a certificate and offers me as only solution to use the company certificate on the smart card which is totally unrelated to that account. I have the "remember" checkbox enabled and press on "cancel", but this decision is not remembered.
I tried to remove the cryptography module in the private mail account settings but that removed the module from all of the accounts. It looks like this is not a per-account-setting although it is listed individually for each account in the settings.
How can I stop TB from wanting to use my company certificate for that account?
FWIW: I am behind a company squid proxy which to me seems not to intercept SSL connections (how can I test that if it is related to the issue?).
Chosen solution
I've seen similar behavior with a Yahoo account, but never understood why it behaves like that.
At the top right of the Thunderbird window, click the menu button 
> Options > Privacy & Security > Certificates
When a server requests my personal certificate: Try to chose 'Select one automatically'
This should end the annoying certificate prompts.
Read this answer in context 👍 1All Replies (4)
Chosen Solution
I've seen similar behavior with a Yahoo account, but never understood why it behaves like that.
At the top right of the Thunderbird window, click the menu button > Options > Privacy & Security > Certificates
When a server requests my personal certificate: Try to chose 'Select one automatically'
This should end the annoying certificate prompts.
Thank you for that quick answer. Before I try that: Is it possible that TB first tries to use the company certificate, fails, and then continues? I'd rather not have a connection attempt with my company certificate because that would somehow create a connection between the private and the company mail account. I want to keep the accounts strictly separate to the outside world.
To be honest, I can't tell you much more than I already have, and I really don't know why Yahoo/AOL accounts behave that way. I wouldn't be too much worried about presenting a cert to Yahoo, whether it's personal or corporate. There is nothing secret about a cert, basically it is your public key. Wrt your point about creating a connection between the private and the company email, I don't know what Yahoo are doing with the cert being presented to them. Letting Thunderbird pick the cert automatically, it may even use the correct one, and not using the corporate one at all. It certainly has stopped the annoying cert prompts for me.
I found that this was also discussed already 12-13 years ago in https://bugzilla.mozilla.org/show_bug.cgi?id=431819
Perhaps the behavior has changed again as the code is prepared for future changes. It seems like certificate handling is still being worked on.