Emails received from a previous certificate are no longer decryptable. How to access
I have a free S/Mime cert from actalis.it. It expired a week ago. I have obtained a new certificate. All emails send to and received from contacts with whom I correspond via encrypted emails can no longer be decrypted.
How do I get access to these emails? The new certificate overwrites the old one PKCS12.certificate.<emailaddress>.pfx I have the originals of all of my certificate files.
An gyara
All Replies (3)
I have been using actalis certificates for some years, each year I just import a new certificate, It does not replace the old information in the database.
Just to be sure I opened the Certificate manger and I have certificate in there for the same address for three different Expiry dates and four different accounts. SO multiple accounts are not an issue.
Hi Matt, thanks for getting back to me.
So even though the pfx file is overwritten when I save the file and import it, what's in the data base is not affected. So, my mistake was deleting the expired certificate from Firefox.
That may not be the end of the world. My previous cert expired on the 25th of July. As Italy is 8 hours behind my time, I had to wait until the following day to request a new cert. Once I got it I removed the old one and imported the new one.
So, if I restore Thunderbird to the 25th (my backup was done 10pm my time), as the current date is now August the cert will expire and I can re-import the new one.
I believe certs are stored in cert8.db in the profile folder. Can I just copy the cert8 file from the backup, rather than restoring the entire profile folder?
Does that sound feasible?
From then on the lesson is never remove certs from Thunderbird, even if they have expired.
I have saved all my certs in a secure location, so to avoid overwriting them I guess I could just create a folder for each year and store them there.
An gyara
Ok, got it working;
1. Restore the cert8.db file from 25th July. 2. This restores the certificate for my address under People, but not the actual certificate for "Your certificates". 3. Re-import the expired certificate and enter the password for that certificate. 4. This removed the certs for people that I had corresponded with. Don't know if that was support to happen. 5. Re-import their key from exports from recent emails to get the People certs back
Can now read all old emails, and new emails are successfully signed and encrypted.
thanks for your help.