所有產品 社群討論區

I'm used to check certs with right click on icon beside the address. Also for own servers in my local LAN I need this. I know there is Let's Encrypt. But sometimes it's more easy to just have a self signed cert and verify it myself. Also I want to see, who signed a cert from www.snakeoil.com/insert_your_credetials.

Please help.

rundekugel

I recently obtained a digital certificate for use with S/MIME. I followed the process laid out in

https://support.mozilla.org/en-US/kb/instructions-smime-certificate-using-csr

to generate my key pair, create a CSR, submit it to a CA, download the resulting certificate file, and import it into Thunderbird. I also imported the intermediate certificate showed as the issuer for my cert, which in turn appears to be signed by one of the certs trusted by default in Thunderbird.

Having done that, I see the certificate showing up under "your certificates" in the Certificate Manager, with a "not before" date in the past and a "not after" date in the future. So everything appears to look correct, but when I try to send a signed email I get the following error message as a pop-up:

"Sending of the message failed. You specified that this message should be digitally signed, but the application either failed to find the signing certificate specified in your Mail & Newsgroup Account Settings, or the certificate has expired."

And if I look at the console in developer tools I see:

"mailnews.send: NS_ERROR_FAILURE: Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsIMsgComposeSecure.beginCryptoEncapsulation]

   _startCryptoEncapsulation resource:///modules/MimeMessage.sys.mjs:488
   _writePart resource:///modules/MimeMessage.sys.mjs:536
   createMessageFile resource:///modules/MimeMessage.sys.mjs:82
   createAndSendMessage resource:///modules/MessageSend.sys.mjs:147
   CompleteGenericSendMessage chrome://messenger/content/messengercompose/MsgComposeCommands.js:6456
   GenericSendMessage chrome://messenger/content/messengercompose/MsgComposeCommands.js:6372
   SendMessage chrome://messenger/content/messengercompose/MsgComposeCommands.js:6984
   doCommand chrome://messenger/content/messengercompose/MsgComposeCommands.js:1085
   doCommand chrome://messenger/content/messengercompose/MsgComposeCommands.js:1263
   goDoCommand chrome://messenger/content/globalOverlay.js:99
   oncommand chrome://messenger/content/messengercompose/messengercompose.xhtml:1
   openWindowPrompt resource:///actors/PromptParent.sys.mjs:75
   receiveMessage resource:///actors/PromptParent.sys.mjs:18
   openPrompt resource://gre/modules/Prompter.sys.mjs:1228
   openPromptSync resource://gre/modules/Prompter.sys.mjs:1071
   alert resource://gre/modules/Prompter.sys.mjs:1375
   alert resource://gre/modules/Prompter.sys.mjs:78
   fail resource:///modules/MessageSend.sys.mjs:358
   createAndSendMessage resource:///modules/MessageSend.sys.mjs:157

MessageSend.sys.mjs:149:32

   createAndSendMessage resource:///modules/MessageSend.sys.mjs:149
   CompleteGenericSendMessage chrome://messenger/content/messengercompose/MsgComposeCommands.js:6456
   GenericSendMessage chrome://messenger/content/messengercompose/MsgComposeCommands.js:6372
   SendMessage chrome://messenger/content/messengercompose/MsgComposeCommands.js:6984
   doCommand chrome://messenger/content/messengercompose/MsgComposeCommands.js:1085
   doCommand chrome://messenger/content/messengercompose/MsgComposeCommands.js:1263
   goDoCommand chrome://messenger/content/globalOverlay.js:99
   oncommand chrome://messenger/content/messengercompose/messengercompose.xhtml:1
   openWindowPrompt resource:///actors/PromptParent.sys.mjs:75
   receiveMessage resource:///actors/PromptParent.sys.mjs:18
   openPrompt resource://gre/modules/Prompter.sys.mjs:1228
   openPromptSync resource://gre/modules/Prompter.sys.mjs:1071
   alert resource://gre/modules/Prompter.sys.mjs:1375
   alert resource://gre/modules/Prompter.sys.mjs:78
   fail resource:///modules/MessageSend.sys.mjs:358
   createAndSendMessage resource:///modules/MessageSend.sys.mjs:157"

I can't make sense of the error message, since the certificate appears under "your certificates" in the certificate manager, and it does not appear to be expired. Can anyone suggest how to determine the root cause and fix it? Does it matter that the certificate is for a non-default identify I've added for the account in Thunderbird? Does it matter if the "common name" in the certificate doesn't match the "Your Name" field in Thunderbird? Any pointers on what to check would be appreciated.

OS: GNU/Linux Thunderbird Desktop

Is it possible to set up a TLS client certificate for authentication with SMTP, as it is with IMAP?

It works fine on the K-9 Android client for both IMAP and SMTP.

Is there a reason why this hasn't yet been added as an authentication method for SMTP?

Thank you!

Best Regards

I've disabled HTTPS only mode. When i enter a local http://server.localdomain server Firefox upgrades that to https://server.localdomain. How do I disable that?

Thunderbird Filelink uses end-to-end encryption and files are only encrypted/decrypted locally but unless the code running on your system is reviewed and validated you don't really know what it does. I would think that every time recipients click on the link and use the web interface to download a file, their browser is sent a script that does the decoding. Similarly, if you use the web interface of a Send instance to send a file, your browser is sent a script for encoding.

If the above is correct, how do we know these scripts are always the open source scripts that have been independently validated? Isn't it conceivable that a Send instance may send you a customized script for encryption/decryption that compromises encryption? This could be done with selected targets to avoid attracting attention too.

certificate for imap <edited>@peternedsmith.co.uk is not valid, someone could be trying to impersonate the server and you should not continue, on clicking the more info, on the panel that comes up, if I click on get certificate, the selections below get greyed out and nothing happens, I have viewed the certificate, and it appears to be from the US, I have taken a screenshot of the top part of it, which is below. Regards Peter Smith

I successfully imported the self-signed CA certificate into thunderbird. Then I tried to import the p12 S/MIME client certificate and this error message popped up (cf. screenshot below).

However, I checked the client certificate and it seems fine:

1. openssl pkcs12 -in smime-client-certificate.p12 -info -noout

Enter Import Password: MAC: sha256, Iteration 2048 MAC length: 32, salt length: 8 PKCS7 Encrypted data: PBES2, PBKDF2, AES-256-CBC, Iteration 2048, PRF hmacWithSHA256 Certificate bag PKCS7 Data Shrouded Keybag: PBES2, PBKDF2, AES-256-CBC, Iteration 2048, PRF hmacWithSHA256

1. pk12util -l smime-client-certificate.p12

Enter password for PKCS12 file: Certificate(has private key):

   Data:
       Version: 3 (0x2)
       Serial Number: 1 (0x1)
       Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
       Issuer: "..."
       Validity:
           Not Before: Thu Feb 19 13:32:18 2026
           Not After : Sun Feb 17 13:32:18 2036
       Subject: "E=user@example.com,CN=user@example.com,
           O=example.com,ST=...,C=..."
       Subject Public Key Info:
           Public Key Algorithm: X9.62 elliptic edwards curve public key
       unknown SPKI algorithm type
       Raw:
           69:58:ee:5d:45:3f:10:d9:bb:8c:a3:b6:a5:c6:16:a6:
           53:78:65:77:73:5d:e0:6f:60:df:2c:32:f3:c2:e2:58
       Signed Extensions:
           Name: Certificate Basic Constraints
           Data: Is not a CA.

           Name: Certificate Key Usage
           Usages: Digital Signature
                   Non-Repudiation
                   Key Encipherment

           Name: Extended Key Usage
               E-Mail Protection Certificate

           Name: Certificate Subject Key ID
           Data:
               99:8a:6d:e4:ec:3a:25:5d:ad:26:a0:36:e1:da:a2:ea:
               bc:88:79:50

           Name: Certificate Authority Key Identifier
           Key ID:
               f5:6c:37:9a:37:d1:81:43:d3:54:3f:b9:33:23:85:c1:
               7e:17:73:88

           Name: Certificate Subject Alt Name
           RFC822 Name: "user@example.com"

   Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
   Signature:
       44:3a:5e:d7:44:51:f1:3c:a3:80:d8:54:f4:9c:d8:0b:
       ...
   Fingerprint (SHA-256):
       88:95:7A:DF:A5:7C:D1:E8:A5:55:A8:18:BD:BD:7D:92:1F:7D:6E:17:26:68:39:84:26:F3:F6:F3:4A:5C:56:90
   Fingerprint (SHA1):
       72:83:D0:13:C9:C9:AD:46:CA:C3:73:66:9E:79:5B:5C:3B:2E:81:47

Key(shrouded):

   Encryption algorithm: PKCS #5 Password Based Encryption v2 
       Encryption:
           KDF: PKCS #5 Password Based Key Derive Function v2 
               Parameters:
                   Salt:
                       dc:f9:bf:4a:80:e1:7c:4a:b4:f5:52:6b:9b:d5:75:ad
                   Iteration Count: 2048 (0x800)
                   KDF algorithm: HMAC SHA-256
           Cipher: AES-256-CBC
               Args:
                   04:10:0d:a4:96:03:00:2a:d5:a6:fe:d3:6c:a5:d0:12:
                   67:b3

What is going on and how to troubleshoot this issue as there is no logging about this matter into /var/log/syslog?

Environment: - Ubuntu 25.10 - thunderbird 2:1snap1-0ubuntu3

Hello if i enter proxy and ip address in firefox in Manual proxy configuration section then when i open a website its asks for username and password my question is can proxy owner see my data and i am using https websites like post data ?