Sending signed messages using smart card does not work with OpenSC on macOS
Using a smart card to digitally sign emails does not work. I am able to add it to my list of certificates for my email but I keep getting the following error:
Sending of the message failed. You specified that this message should be digitally signed, but the application either failed to find the signing certificate specified in your Mail & Newsgroup Account Settings, or the certificate has expired.
The certificate is has not expired and the root CA is Actalis which is trusted by Thunderbird (issuer is different though). In any case the certificate is recognised as valid when importing it. I know that the library works in Firefox for client authentication and tested signing PDFs with the smart card with the same OpenSC library.
I am not sure where to look for further logs to try to understand better the issue and solve it. Any help is much appreciated as I would rather use my smart card to sign my emails rather than the free comodo certificate as at least here in Italy the smart card has legal value (it is linked to my identity).
Alterado por tamersaadeh em
Solução escolhida
The certificate is has not expired and the root CA is Actalis which is trusted by Thunderbird (issuer is different though).
When your personal cert has been issued by an intermediate CA, you'll also need to import the cert of that intermediate CA into Thunderbird. Thunderbird needs to know the entire certificate chain up to the root CA.
In any case the certificate is recognised as valid when importing it.
Along with the cert, did you also import the private key? The private key is needed for signing messages.
Ler esta resposta 👍 1Todas as respostas (2)
Solução escolhida
The certificate is has not expired and the root CA is Actalis which is trusted by Thunderbird (issuer is different though).
When your personal cert has been issued by an intermediate CA, you'll also need to import the cert of that intermediate CA into Thunderbird. Thunderbird needs to know the entire certificate chain up to the root CA.
In any case the certificate is recognised as valid when importing it.
Along with the cert, did you also import the private key? The private key is needed for signing messages.
Alterado por christ1 em
Thank you very much! The error message is really confusing, I think it is better if in the help articles this is mentioned clearly (and in the error message as I wasn't sure what problem it could have been).