Senders’ certificates no longer imported?

  • 6 replies
  • 0 have this problem
  • 182 views
  • Last reply by christ1

Hello!

I just observed a new issue with S/MIME. When trying to send an encrypted mail to somebody new, I get an error “End-to-end encryption requires resolving certificate issues with somebody@example.com”.

The message is not very helpful, and doesn’t propose any solution. So a web search gave me this article: Prerequisite for sending an encrypted email message. It states:

> If Thunderbird considers the email's signature and the sender's certificate valid, it will automatically be imported and available when you attempt to encrypt an email to that correspondent using the S/MIME technology.

When I open the sender’s mail, the signature is confirmed as valid by Thunderbird.

Ignoring the warning message and trying to send the encrypted mail results in the following error in the log: `mailnews.send: NS_ERROR_ILLEGAL_VALUE: Component returned failure code: 0x80070057 (NS_ERROR_ILLEGAL_VALUE) [nsIMsgComposeSecure.beginCryptoEncapsulation]`

So, I verified in my list of certificates for people, and that new person didn’t figure in the list. Other people did, the last one from 6 June.

Is it possible there’s a bug causing TB to not import the certificate when I open the mail? What would a workaround be? Is there a way to import a sender’s certificate manually from their signed mail?

All replies (6)

Btw I’m on Thunderbird 128.12 on Linux.

You posted: "When trying to send an encrypted mail to somebody new, I get an error “End-to-end encryption requires resolving certificate issues with somebody@example.com”.

The message is not very helpful, and doesn’t propose any solution. So a web search gave me this article: Prerequisite for sending an encrypted email message. It states:

> If Thunderbird considers the email's signature and the sender's certificate valid, it will automatically be imported and available when you attempt to encrypt an email to that correspondent using the S/MIME technology.

When I open the sender’s mail, the signature is confirmed as valid by Thunderbird."

Didn't you say in the beginning that you had an error message?

Thunderbird is an email client that queries CRLs (the whole procedure seems to be undergoing changes). What more do you think tbird can do about someone else's ctfs?

Hi, thanks for your answer.

Yes, that’s exactly the point.

The nuance is that I get an error when trying to *send* (i.e. encrypt) the mail—not when reading it or verifying the certificate and the signature.

I’d expect tbird to import the certificate once I open the sender’s mail, which it doesn’t seem to do.

Maybe the changes broke it?

Is there any manual way to import that certificate?

Is there anything related in the error console (CTRL-Shift-J) when you attempt to send an encrypted message?

Is this always happening or just for one particular recipient?

Hi and thanks for helping.

Yes, there’s an error in the console when trying to send the message encrypted:

`mailnews.send: NS_ERROR_ILLEGAL_VALUE: Component returned failure code: 0x80070057 (NS_ERROR_ILLEGAL_VALUE) [nsIMsgComposeSecure.beginCryptoEncapsulation]`

It’s hard to tell if it’s always happening, since I don’t receive S/MIME-signed mails from unknown senders every day. If you could send one to test, that’d be great! You can send to smime@ux-t.dev

> So, I verified in my list of certificates for people, and that new person didn’t figure in the list. Other people did, the last one from 6 June.

When the cert from the new contact wasn't imported into your Thunderbird's certificate store I'd suspect a problem with that cert. Due to the lack of a valid cert you do get the error message when attempting to send an encrypted message to that recipient.

> Is there any manual way to import that certificate?

Ask the owner of the problematic cert to send it as an email attachment. You can then try to import it into Thunderbird. At the top right of the Thunderbird window, click the menu button ≡ > Settings - Privacy & Security - Certificates - Manage Certificates

In the Certificate Manager select the 'People' tab, and click Import

> If you could send one to test, that’d be great!

I don't want to do that.

Edited by christ1 on
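
As an added example, not part of the thread and not Thunderbird's own code: one way to pull the signer's certificate out of a saved signed message with the openssl CLI and see what OpenSSL reports about it before importing it on the 'People' tab. The function names, verdict strings, `sender@example.com` and the throwaway certificate are constructed for the demonstration, and OpenSSL's checks are not necessarily the ones Thunderbird applies.

```bash
#!/usr/bin/env bash
# Added example (not from the thread). Requires the openssl CLI (1.1.1 or later).

# Write every certificate carried in a saved S/MIME-signed message to a PEM file.
extract_signer_certs() {    # usage: extract_signer_certs message.eml out.pem
    openssl smime -pk7out -in "$1" | openssl pkcs7 -print_certs -out "$2"
}

# Report whether the bundle holds a certificate for ADDRESS usable for encryption.
check_recipient_cert() {    # usage: check_recipient_cert bundle.pem address
    _tmp=$(mktemp -d)
    _verdict="no-cert-for-address"
    # Split the bundle into one file per certificate.
    awk -v d="$_tmp" '/BEGIN CERTIFICATE/{n++} n{print > (d "/cert" n ".pem")}' "$1"
    for _c in "$_tmp"/cert*.pem; do
        [ -e "$_c" ] || continue
        # -email lists addresses from the subject and subjectAltName, one per line.
        openssl x509 -in "$_c" -noout -email | grep -qixF "$2" || continue
        if ! openssl x509 -in "$_c" -noout -checkend 0 >/dev/null; then
            _verdict="expired"
        elif ! openssl x509 -in "$_c" -noout -purpose |
                grep -q '^S/MIME encryption : Yes'; then
            _verdict="no-encrypt-usage"   # e.g. keyUsage lacks keyEncipherment
        else
            _verdict="ok"
        fi
        break
    done
    rm -rf "$_tmp"
    echo "$_verdict"
}

# Constructed sample: throwaway self-signed certificate plus a signed message.
make_sample() {             # usage: make_sample dir keyUsage-value
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Sample Sender/emailAddress=sender@example.com" \
        -addext "keyUsage=$2" -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null &&
    printf 'hello\n' > "$1/body.txt" &&
    openssl smime -sign -in "$1/body.txt" -signer "$1/cert.pem" \
        -inkey "$1/key.pem" -out "$1/message.eml" 2>/dev/null
}

# Demo: a signing-only certificate signs mail fine but cannot receive encrypted mail.
work=$(mktemp -d)
make_sample "$work" "digitalSignature"
extract_signer_certs "$work/message.eml" "$work/sender.pem"
check_recipient_cert "$work/sender.pem" sender@example.com
```

For a real message, save it from Thunderbird as an `.eml` file and pass that file to `extract_signer_certs`; the resulting PEM file is what the Import button in the Certificate Manager expects.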