Btw I’m on Thundebird 128.12 on Linux.

You posted: "When trying to send an encrypted mail to somebody new, I get an error “End-to-end encryption requires resolving certificate issues with somebody@example.com”.

The message is not very helpful, and doesn’t propose any solution. So a web search gave me this article: Prerequisite for sending an encrypted email message. It states:

> If Thunderbird considers the email's signature and the sender's certificate valid, it will automatically be imported and available when you attempt to encrypt an email to that correspondent using the S/MIME technology.

When I open the sender’s mail, the signature is confirmed as valid by Thunderbird."

Didn't you say in the beginning that you had an error message?

Thunderbird is an email client that queries CRLs (the whole procedure seems to be undergoing changes). What more do you think tbird can do about someone elses ctfs?

Hi, thanks for your answer.

Yes, that’s exactly the point.

The nuance is that I get an error when trying to *send* (i.e. encrypt) the mail—not when reading it or verifying the certificate and the signature.

I’d expect tbird to import the certificate once I open the sender’s mail, which it doesn’t seem to do.

Maybe the changes broke it?

Is there any manual way to import that certificate?

Is there anything related in the error console (CTRL-Shift-J) when you attempt to send an encrypted message?

Is this always happening or just for one particular recipient?

Hi and thanks for helping.

Yes, there’s an error in the console when trying to send the message encrypted:

`mailnews.send: NS_ERROR_ILLEGAL_VALUE: Component returned failure code: 0x80070057 (NS_ERROR_ILLEGAL_VALUE) [nsIMsgComposeSecure.beginCryptoEncapsulation]`

It’s hard to tell if it’s always happening, since I don’t receive S/MIME-signed mails from unknown senders every day. If you could send one to test, that’d be great! You can send to smime@ux-t.dev