Шукати в статтях підтримки

Остерігайтеся нападів зловмисників. Mozilla ніколи не просить вас зателефонувати, надіслати номер телефону у повідомленні або поділитися з кимось особистими даними. Будь ласка, повідомте про підозрілі дії за допомогою меню “Повідомити про зловживання”

Докладніше

Ця тема перенесена в архів. Якщо вам потрібна допомога, запитайте.

Sending signed messages using smart card does not work with OpenSC on macOS

  • 2 відповіді
  • 1 має цю проблему
  • 1 перегляд
  • Остання відповідь від tamersaadeh

more options

Using a smart card to digitally sign emails does not work. I am able to add it to my list of certificates for my email but I keep getting the following error:

Sending of the message failed. You specified that this message should be digitally signed, but the application either failed to find the signing certificate specified in your Mail & Newsgroup Account Settings, or the certificate has expired.

The certificate is has not expired and the root CA is Actalis which is trusted by Thunderbird (issuer is different though). In any case the certificate is recognised as valid when importing it. I know that the library works in Firefox for client authentication and tested signing PDFs with the smart card with the same OpenSC library.

I am not sure where to look for further logs to try to understand better the issue and solve it. Any help is much appreciated as I would rather use my smart card to sign my emails rather than the free comodo certificate as at least here in Italy the smart card has legal value (it is linked to my identity).

Using a smart card to digitally sign emails does not work. I am able to add it to my list of certificates for my email but I keep getting the following error: Sending of the message failed. You specified that this message should be digitally signed, but the application either failed to find the signing certificate specified in your Mail & Newsgroup Account Settings, or the certificate has expired. The certificate is has not expired and the root CA is Actalis which is trusted by Thunderbird (issuer is different though). In any case the certificate is recognised as valid when importing it. I know that the library works in Firefox for client authentication and tested signing PDFs with the smart card with the same OpenSC library. I am not sure where to look for further logs to try to understand better the issue and solve it. Any help is much appreciated as I would rather use my smart card to sign my emails rather than the free comodo certificate as at least here in Italy the smart card has legal value (it is linked to my identity).

Змінено tamersaadeh

Обране рішення

The certificate is has not expired and the root CA is Actalis which is trusted by Thunderbird (issuer is different though).

When your personal cert has been issued by an intermediate CA, you'll also need to import the cert of that intermediate CA into Thunderbird. Thunderbird needs to know the entire certificate chain up to the root CA.

In any case the certificate is recognised as valid when importing it.

Along with the cert, did you also import the private key? The private key is needed for signing messages.

Читати цю відповідь у контексті 👍 1

Усі відповіді (2)

more options

Вибране рішення

The certificate is has not expired and the root CA is Actalis which is trusted by Thunderbird (issuer is different though).

When your personal cert has been issued by an intermediate CA, you'll also need to import the cert of that intermediate CA into Thunderbird. Thunderbird needs to know the entire certificate chain up to the root CA.

In any case the certificate is recognised as valid when importing it.

Along with the cert, did you also import the private key? The private key is needed for signing messages.

Змінено christ1

more options

Thank you very much! The error message is really confusing, I think it is better if in the help articles this is mentioned clearly (and in the error message as I wasn't sure what problem it could have been).