Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

How to resolve S/MIME certificate issues

  • 2 replies
  • 2 have this problem
  • 22 views
  • Last reply by Andy

more options

I'm trying to send encrypted email to a recipient who I have a certificate for, but Thunderbird states:

End-to-end encryption requires resolving certificate issues for ....

That's rather unhelpful - what issues exactly? I've imported the CA certs into the system and they are shown in TB. openssl verify on the cert returns OK. I'm at a loss as to what might be the issue.

I'm trying to send encrypted email to a recipient who I have a certificate for, but Thunderbird states: End-to-end encryption requires resolving certificate issues for .... That's rather unhelpful - what issues exactly? I've imported the CA certs into the system and they are shown in TB. openssl verify on the cert returns OK. I'm at a loss as to what might be the issue.

All Replies (2)

more options

I have very little idea what you are talking about. Like I have no idea what openssl verify is.

What I do know is you use your own s/mime certificate to encrypt mail not the recipients. Having their public certificate only allows you to decrypt encrypted mail they sent you. Do you have an s/mime certificate installed to use to encrypt the email? (That is not a PGP certificate. They are different again.) Have you send your prospective recipient an S/mime signed email so they have your certificate to decrypt the mail you send.

Helpful?

more options

Hello! Unfortunately, I have the same issue since some update after 6 June.

At the time, I could simply reply to a signed email with an encrypted one. Now, with TB 128.12 I cannot, and TB shows a yellow warning.

According to https://support.mozilla.org/en-US/kb/thunderbird-help-cannot-encrypt#w_obtaining-smime-certificates-of-correspondents, TB is supposed to automatically import people’s certificates, when you open their mail, and their certificate is valid.

In my case, it doesn’t do that any more. Could you verify on your side?

Matt, thanks for your help, but I see some need to clarify your statements. A certificate practically is just a signed public key. So analog to other asynchronous encryption use cases, the certificate is used as follows, simplified:

  1. You use your own certificate (key) to decrypt messages you receive, and to sign them.
  2. Other people’s certificates are necessary to encrypt messages for them, or to verify their signature.

Modified by Andy

Helpful?

Ask a question

You must log in to your account to reply to posts. Please start a new question, if you do not have an account yet.