
S/MIME sending issue
I've finished setting up the S/MIME encryption in Thunderbird, and imported all the certificates needed. When people with the certificates emailed me, I could receive and read all the emails. However, when I replied to the same people, I got the error message saying 'End-to-end encryption requires resolving cerficiate issues'. My colleagues imported the same certificates without any issues. Do you have any suggestions for me to solve the issue? Thank you very much!
All Replies (13)
Is there anything related in the error console (Ctrl-Shift-J)?
What does 'I've ... imported all the certificates needed' exactly? Which certificates? Please be specific.
Do you have the public keys of the people sending encrypted messages to you?
@Scooter: Yes I do. That's why I can read all the encrypted message, I just cannot send or reply. :( @christ1: I mean the S/MIME certificates. In the 'End-to-End Encryption' / S/MIME Certificates, I uploaded my personal certificate, also imported my team's certificates for each person. All my team members have no issues sending and reading encrypted email, only I do. So I'm not sure what kind of problem it can be. What's the error console you're referring to? I'd like to check if that could be the issue. Thank you!
Messages from other people are encrypted with your public key. You open them with your private key.
Messages that you send are encrypted with your recipient’s public key.
In any case, you seem to be saying that you have everyone’s private public keys, so missing keys is probably not the problem.
Are you trying to send a message to many people at once?
Do you have more than one certificate from anyone?
Modified
@Scooter: Yeah I don't think the key is the issue, because other team members followed the exact same procedures and imported the exact same S/MIME certificate and none have problem with it, except me. I have one certificate for each person, and I tried to send 1 message to 1 person, as well as tried to reply an email to multiple people, same result. :(
The only way I know to get other people’s public keys is to receive them in signed messages from them. I do not know about importing other people’s certificates. So I wonder if that is the cause of the problem.
In your place, I would delete all the certificates in Thunderbird except mine, make sure that I have only one certificate, ask someone to send me a signed message, then try sending a message to them.
I understand that other people are not having this problem. Maybe there is a conflict among certificates only on your computer.
In the 'End-to-End Encryption' / S/MIME Certificates, I uploaded my personal certificate, also imported my team's certificates for each person.
The expectation would be to import your personal cert into the "Your Certificates" tab. Since the file you import must also contain the private key for this to work, typically you'd be prompted for a passphrase. Is this what you did/what happened?
Your team's certificates would need to be imported in the "People" tab. Is this what you did?
What's the error console you're referring to?
As previously suggested press Ctrl-Shift-J and look for certificate related errors when attempting to send an encrypted/signed message.
Thanks, christ1.
@christ1: Yes, that's exactly what happened. So I imported my personal certificate on 'Your certificates' tab, already put in the password, and imported successfully. Other team members' certificates were imported on the 'People' tab. However when I tried to send the message, it showed the error message. And when I pressed on 'Check the error', it says certificates are not found. That means, although I imported it, it wasn't recognized? Do I miss importing it somewhere else? I tried the Error Console you mentioned, and the message is as attached. Can you help me interpret what it means?
@Scooter: Thank you for the suggestion! I'll try that also!
Meggie, I posted my thoughts hastily. They were based on my experience with OpenPGP, not S/MIME, and mostly with a different e-mail program. So I was glad to see christ1 join the discussion, and I defer to him/her. I don't believe that my suggestions are appropriate for S/MIME. I'm sorry about the confusion.
I tried the Error Console you mentioned, and the message is as attached.
There is nothing in the error console screenshot relevant to your problem- You'd need to attempt sending an encrypted and signed message, and then open the error console right after that.