Остерігайтеся нападів зловмисників. Mozilla ніколи не просить вас зателефонувати, надіслати номер телефону у повідомленні або поділитися з кимось особистими даними. Будь ласка, повідомте про підозрілі дії за допомогою меню “Повідомити про зловживання”

Докладніше
Відкрито

S/MIME encryption cannot find recipient's address despite valid cert in CertMgr/certutil

stefan.reichel

Hi,

I have successfully added my personal certificate in my account's E2EE and I can ever since digitally sign messages. Yay! After importing a multiple valid certificates for recipients, I tried to send encrypted emails to some of these (one recipient per email draft). All of them highlight the recipient's address in yellow with a yellow status bar: "End-to-end encryption requires resolving certificate issues for [recipient address]"

Clicking on the button "S/MIME" -> "View Certificates Of Recipients", a window comes up showing the address with the status "Not found". When I open "Settings -> Privacy & Security -> Certificate Manager", I see the certificates present with valid dates. Using certutil to investigate cert9.db in Thunderbird's profile folder, I also see the certificates being in there, but what struck me was the trust status: [...] Fingerprint (SHA-256):

       7B:DF:9F:28:F2:B4:42:5E:37:06:EE:B8:D6:22:0C:70:12:05:F8:33:26:10:5A:1C:03:21:65:2A:C0:C3:3F:5E
   Fingerprint (SHA1):
       56:43:79:93:41:E0:8B:16:0A:FC:64:3E:74:B6:6F:F8:4E:67:93:D4
   Mozilla-CA-Policy: false (attribute missing)
   Certificate Trust Flags:
       SSL Flags:
       Email Flags:
       Object Signing Flags:

I changed the Trust flags (first for emails, then for SSL email) by running certutil -M -n <recipient's email addresss> -t ",P," -d <certdir>

This lead to

Fingerprint (SHA-256):
       7B:DF:9F:28:F2:B4:42:5E:37:06:EE:B8:D6:22:0C:70:12:05:F8:33:26:10:5A:1C:03:21:65:2A:C0:C3:3F:5E
   Fingerprint (SHA1):
       56:43:79:93:41:E0:8B:16:0A:FC:64:3E:74:B6:6F:F8:4E:67:93:D4
   Mozilla-CA-Policy: false (attribute missing)
   Certificate Trust Flags:
       SSL Flags:
       Email Flags:
           Terminal Record
           Trusted
       Object Signing Flags:

Whils I am not sure if this makes any difference to my beforementioned problem, I realize "Mozilla-CA-Policy: false (attribute missing)". How can I address this missing attribute and what can I do to get my emails encrypted, please?

Hi, I have successfully added my personal certificate in my account's E2EE and I can ever since digitally sign messages. Yay! After importing a multiple valid certificates for recipients, I tried to send encrypted emails to some of these (one recipient per email draft). All of them highlight the recipient's address in yellow with a yellow status bar: "End-to-end encryption requires resolving certificate issues for [recipient address]" Clicking on the button "S/MIME" -> "View Certificates Of Recipients", a window comes up showing the address with the status "Not found". When I open "Settings -> Privacy & Security -> Certificate Manager", I see the certificates present with valid dates. Using certutil to investigate cert9.db in Thunderbird's profile folder, I also see the certificates being in there, but what struck me was the trust status: <code> [...] Fingerprint (SHA-256): 7B:DF:9F:28:F2:B4:42:5E:37:06:EE:B8:D6:22:0C:70:12:05:F8:33:26:10:5A:1C:03:21:65:2A:C0:C3:3F:5E Fingerprint (SHA1): 56:43:79:93:41:E0:8B:16:0A:FC:64:3E:74:B6:6F:F8:4E:67:93:D4 Mozilla-CA-Policy: false (attribute missing) Certificate Trust Flags: SSL Flags: Email Flags: Object Signing Flags: </code> I changed the Trust flags (first for emails, then for SSL email) by running <code> certutil -M -n <recipient's email addresss> -t ",P," -d <certdir> </code> This lead to <code> Fingerprint (SHA-256): 7B:DF:9F:28:F2:B4:42:5E:37:06:EE:B8:D6:22:0C:70:12:05:F8:33:26:10:5A:1C:03:21:65:2A:C0:C3:3F:5E Fingerprint (SHA1): 56:43:79:93:41:E0:8B:16:0A:FC:64:3E:74:B6:6F:F8:4E:67:93:D4 Mozilla-CA-Policy: false (attribute missing) Certificate Trust Flags: SSL Flags: Email Flags: Terminal Record Trusted Object Signing Flags: </code> Whils I am not sure if this makes any difference to my beforementioned problem, I realize "''Mozilla-CA-Policy: false (attribute missing)''". How can I address this missing attribute and what can I do to get my emails encrypted, please?

Щоб відповідати на повідомлення, ви повинні ввійти у свій обліковий запис. Поставте нове питання, якщо ви ще не маєте облікового запису.