Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

S/MIME sending issue

  • 20 replies
  • 0 have this problem
  • 30 views
  • Last reply by christ1

I've finished setting up the S/MIME encryption in Thunderbird, and imported all the certificates needed. When people with the certificates emailed me, I could receive and read all the emails. However, when I replied to the same people, I got the error message saying 'End-to-end encryption requires resolving cerficiate issues'. My colleagues imported the same certificates without any issues. Do you have any suggestions for me to solve the issue? Thank you very much!

I've finished setting up the S/MIME encryption in Thunderbird, and imported all the certificates needed. When people with the certificates emailed me, I could receive and read all the emails. However, when I replied to the same people, I got the error message saying 'End-to-end encryption requires resolving cerficiate issues'. My colleagues imported the same certificates without any issues. Do you have any suggestions for me to solve the issue? Thank you very much!

All Replies (20)

Is there anything related in the error console (Ctrl-Shift-J)?

What does 'I've ... imported all the certificates needed' exactly? Which certificates? Please be specific.

Helpful?

Do you have the public keys of the people sending encrypted messages to you?

Helpful?

@Scooter: Yes I do. That's why I can read all the encrypted message, I just cannot send or reply. :( @christ1: I mean the S/MIME certificates. In the 'End-to-End Encryption' / S/MIME Certificates, I uploaded my personal certificate, also imported my team's certificates for each person. All my team members have no issues sending and reading encrypted email, only I do. So I'm not sure what kind of problem it can be. What's the error console you're referring to? I'd like to check if that could be the issue. Thank you!

Helpful?

Messages from other people are encrypted with your public key. You open them with your private key.

Messages that you send are encrypted with your recipient’s public key.

In any case, you seem to be saying that you have everyone’s private public keys, so missing keys is probably not the problem.

Helpful?

Are you trying to send a message to many people at once?

Do you have more than one certificate from anyone?

Modified by Scooter

Helpful?

@Scooter: Yeah I don't think the key is the issue, because other team members followed the exact same procedures and imported the exact same S/MIME certificate and none have problem with it, except me. I have one certificate for each person, and I tried to send 1 message to 1 person, as well as tried to reply an email to multiple people, same result. :(

Helpful?

The only way I know to get other people’s public keys is to receive them in signed messages from them. I do not know about importing other people’s certificates. So I wonder if that is the cause of the problem.

In your place, I would delete all the certificates in Thunderbird except mine, make sure that I have only one certificate, ask someone to send me a signed message, then try sending a message to them.

I understand that other people are not having this problem. Maybe there is a conflict among certificates only on your computer.

Helpful?

In the 'End-to-End Encryption' / S/MIME Certificates, I uploaded my personal certificate, also imported my team's certificates for each person.

The expectation would be to import your personal cert into the "Your Certificates" tab. Since the file you import must also contain the private key for this to work, typically you'd be prompted for a passphrase. Is this what you did/what happened?

Your team's certificates would need to be imported in the "People" tab. Is this what you did?

What's the error console you're referring to?

As previously suggested press Ctrl-Shift-J and look for certificate related errors when attempting to send an encrypted/signed message.

Helpful?

Thanks, christ1.

Helpful?

@christ1: Yes, that's exactly what happened. So I imported my personal certificate on 'Your certificates' tab, already put in the password, and imported successfully. Other team members' certificates were imported on the 'People' tab. However when I tried to send the message, it showed the error message. And when I pressed on 'Check the error', it says certificates are not found. That means, although I imported it, it wasn't recognized? Do I miss importing it somewhere else? I tried the Error Console you mentioned, and the message is as attached. Can you help me interpret what it means?

Helpful?

@Scooter: Thank you for the suggestion! I'll try that also!

Helpful?

Meggie, I posted my thoughts hastily. They were based on my experience with OpenPGP, not S/MIME, and mostly with a different e-mail program. So I was glad to see christ1 join the discussion, and I defer to him/her. I don't believe that my suggestions are appropriate for S/MIME. I'm sorry about the confusion.

Helpful?

I tried the Error Console you mentioned, and the message is as attached.

There is nothing in the error console screenshot relevant to your problem- You'd need to attempt sending an encrypted and signed message, and then open the error console right after that.

Helpful?

Hi chris1,

I missed this response from you. :(

OK so I tried to send an encrypted email and I got this error message. I have the recipient's certificate and the recipient has my certificate as well. I already checked the certificate in my certification list and it expires in 2034. I tried to go for the Error Console right after that and this is what I get. Can you help me to interpret it? :( Thank you!!

Helpful?

Would you please post a screenpic of the area of your account settings that I have shown in my attached screenpic?

Helpful?

Hi Scooter,

Here is the screenshot!

Helpful?

Thanks, Meggie. I am out of ideas. I'll try to get more help for you.

Helpful?

From your screenshot, what's been selected in the fields for signing and encryption looks like your email address. However, it looks somewhat odd. What's supposed to be there is the cert you said you imported into Thunderbird's certificate store. If that was your cert, then it would indeed show the email address corresponding to the Subject and/or the SAN fields of your cert, along with hex characters in square brackets, which represent the serial no. of your cert. The latter part is missing, hence I doubt what's shown there properly represents your actual cert.

Can you post a screenshot of what shows when your press the 'Select' button?

Modified by christ1

Helpful?

OK. Soooo :))))

Hi christ1, from what you mentioned, I suppose there was something wrong with my certificate, so I deleted it and re-import my certificate again. Now, I can send encrypted email, just not digitally signed.

So I guess the issue is, my certificate is good for the encryption, but does not support the digital signature? The only thing I did differently this time is that I selected the personal certificate for encryption first, and did not select the personal certification for digital signing. Before, even when I uncheck the digital sign when sending the email, it still doesn't allow me, but now I can send an encrypted email without signing. And that's enough for my needs. So thank you very much for your support and patience!!!!

Helpful?

So I guess the issue is, my certificate is good for the encryption, but does not support the digital signature?

If what you imported into Thunderbird again did contain the private key belonging to your cert, then you should be able to sign messages.

The only thing I did differently this time is that I selected the personal certificate for encryption first, and did not select the personal certification for digital signing.

You'll have to also set up the signing cert in your account settings. Without that signing won't work.

Helpful?

Ask a question

You must log in to your account to reply to posts. Please start a new question, if you do not have an account yet.