Signing emails with S/MIME cert fails, I can't understand why

  • 6 replies
  • 0 have this problem
  • 24 views
  • Last reply by Dain_547647

Hello,

I've installed a MIME-certificate from Sectigo in Thunderbird 115.6.1 on Pop OS (flatpak).

The cert is in a pw-protected .p12-file which I have imported successfully. However, when I try to sign emails I get the error-message shown in the first attached image. That the application can't find my cert or that it has expired. Both statements are incorrect imo :)

In attached image 2 and 3 it shows that the application has imported the cert and that it's valid until 2025.

Any tips or input is helpful.

Also under Security Devices I have a PKCS#11 module that I have logged in to, but I don't see how that could affect PKCS#12 certs but I read in some guide that I had to do that. Which also apparently means that master password is set for protecting credentials in the application, so I have to provide that password when opening Thunderbird.


All Replies (6)

Also, when viewing the certificate in Thunderbird its uses seem to support what I want to use it for, so I don't see that the certificate itself is the problem here. Right?

Try restating the certificate in the settings. Over the years I have had occasions when similar errors have occurred and when I restate the certificate in account settings the line with the certificate to use comes back with what looks like a serial number after the certificate name and everything works again.

I restated the cert and then I get the serial after the name, as you said.

Unfortunately it did not help. The error msg when sending signed e-mails is still the same.

I also installed the .deb variant of Thunderbird in Pop OS, instead of the flatpak variant, and tried that one, but same error. So it doesn't have to do with the variant of the application.

Modified by Dain_547647

Further investigation...

I set up a virtual machine with Windows 10 and MS Outlook (O365) and the same certificate works like a charm. Signing e-mails no problem.

Installed the Windows-version of Thunderbird on the same Windows VM and there I get the same error msg as above.

So MS Outlook 1, Thunderbird 0 I guess... :/

Perhaps try asking in the encryption list. https://thunderbird.topicbox.com/groups/e2ee

That is where the experts on mail encryption and some of the developers can be found.

Chosen Solution

So the problem turned out to be how I created the certificate out of the files the CA provided. For Thunderbird I had to include the certificate chain file when creating the pfx.

Like this: openssl pkcs12 -export -in myname_public.crt -inkey myname_private.key -certfile public_chain.crt -out my_SMIME_cert.p12

So now it works!
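
A way to check a bundle for the chain certificates the accepted answer describes, as an added example that is not part of the original thread. The function names, the `P12_PASS` environment variable and the demo file names other than `public_chain.crt` are assumptions made for this sketch; the sample PKI it builds is constructed throwaway data.

```shell
#!/bin/sh
# Added example (not from the thread): does a PKCS#12 bundle carry the CA chain?
# Assumption: the bundle password is supplied in the P12_PASS environment
# variable, so it never appears on a command line.

# p12_summary FILE -> prints "leaf=<n> ca=<n>"; status 2 if FILE cannot be opened.
p12_summary() (
    openssl pkcs12 -in "$1" -noout -passin env:P12_PASS 2>/dev/null || exit 2
    # -clcerts selects certificates tagged with a localKeyID (the ones paired
    # with a private key); -cacerts selects the remaining (chain) certificates.
    leaf=$(openssl pkcs12 -in "$1" -nokeys -clcerts -passin env:P12_PASS 2>/dev/null |
           grep -c 'BEGIN CERTIFICATE' || true)
    ca=$(openssl pkcs12 -in "$1" -nokeys -cacerts -passin env:P12_PASS 2>/dev/null |
         grep -c 'BEGIN CERTIFICATE' || true)
    echo "leaf=$leaf ca=$ca"
)

# p12_has_chain FILE -> status 0 only if at least one chain certificate is bundled.
p12_has_chain() {
    case "$(p12_summary "$1")" in
        ""|*"ca=0") return 1 ;;
    esac
}

# make_demo DIR -> constructed throwaway CA, user certificate and two bundles,
# one built without and one with -certfile (all names here are hypothetical).
make_demo() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Demo CA" \
        -keyout "$d/ca.key" -out "$d/public_chain.crt" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=Demo User" \
        -keyout "$d/user.key" -out "$d/user.csr" 2>/dev/null
    openssl x509 -req -in "$d/user.csr" -CA "$d/public_chain.crt" -CAkey "$d/ca.key" \
        -set_serial 2 -days 1 -out "$d/user.crt" 2>/dev/null
    openssl pkcs12 -export -in "$d/user.crt" -inkey "$d/user.key" \
        -out "$d/no_chain.p12" -passout env:P12_PASS
    openssl pkcs12 -export -in "$d/user.crt" -inkey "$d/user.key" \
        -certfile "$d/public_chain.crt" -out "$d/with_chain.p12" -passout env:P12_PASS
}

# Usage: P12_PASS=... sh check_p12.sh my_SMIME_cert.p12
if [ $# -gt 0 ]; then p12_summary "$1"; fi
```

A bundle exported without `-certfile` reports `ca=0`; one exported with the chain file reports one `ca` entry per chain certificate.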
