Join the Mozilla’s Test Days event from Dec 2–8 to test the new Firefox address bar on Firefox Beta 134 and get a chance to win Mozilla swag vouchers! 🎁

Avatar for Username

Mozilla 도움말 검색

고객 지원 사기를 피하세요. 저희는 여러분께 절대로 전화를 걸거나 문자를 보내거나 개인 정보를 공유하도록 요청하지 않습니다. "악용 사례 신고"옵션을 사용하여 의심스러운 활동을 신고해 주세요.

자세히 살펴보기

이 쓰레드는 보존되었습니다. 만약 도움이 필요하시면 새로운 질문을 올려주세요.

How to use a PKCS#12/PFX Bundle to encrypt and sign emails, both CA Signed and Self-Signed.

  • 2 답장
  • 1 이 문제를 만남
  • 2 보기
  • 최종 답변자: Predatorian3

Predatorian3
Predatorian3
more options

I am on an OSX Machine, and I believe this will probably go for my Ubuntu setup as well where they already have GnuPG installed. Is there anyway to get those GPG Keys and Certificates presented to Thunderbird without having to use extra software?

When I was looking at importing a new Certificate bundle for signing, I saw that it was asking for a PKCS#12 or PFX bundle. I made a Self-Signed Certificate Bundle. Then I imported it into Thunderbird and it took. However, when I use that Certificate Bundle to sign my emails, I get the following error:

Sending of the message failed. Unable to sign message. Please check that the certificate specified in Mail & Newsgroups Account Settings for this mail account are valid and trusted for mail.

So I went into on OSX Thunderbird -> Preferences -> Advanced -> Certificates -> Manage Certificates. Then I tried to add my Self-Signed Certificate to the Authorities list, but it says that it already exists, but as I went through all the Authorities listed my certificate was not present. Where should I look, or do I have to use the GPG Tools detailed in this Support Page: https://support.mozilla.org/en-US/kb/digitally-signing-and-encrypting-messages#thunderbird:mac:tb52 ?

I am on an OSX Machine, and I believe this will probably go for my Ubuntu setup as well where they already have GnuPG installed. Is there anyway to get those GPG Keys and Certificates presented to Thunderbird without having to use extra software? When I was looking at importing a new Certificate bundle for signing, I saw that it was asking for a PKCS#12 or PFX bundle. I made a Self-Signed Certificate Bundle. Then I imported it into Thunderbird and it took. However, when I use that Certificate Bundle to sign my emails, I get the following error: Sending of the message failed. Unable to sign message. Please check that the certificate specified in Mail & Newsgroups Account Settings for this mail account are valid and trusted for mail. So I went into on OSX Thunderbird -> Preferences -> Advanced -> Certificates -> Manage Certificates. Then I tried to add my Self-Signed Certificate to the Authorities list, but it says that it already exists, but as I went through all the Authorities listed my certificate was not present. Where should I look, or do I have to use the GPG Tools detailed in this Support Page: https://support.mozilla.org/en-US/kb/digitally-signing-and-encrypting-messages#thunderbird:mac:tb52 ?

모든 댓글 (2)

christ1
christ1
  • Top 25 Contributor
more options
I made a Self-Signed Certificate Bundle.

What exactly does this mean, and what's inside that bundle?

... they already have GnuPG installed.

If you want to use a S/MIME certificate, you don't need GnuPG. If you want to use GnuPG with OpenPGP keys, you'd need to install the Enigmail add-on for Thunderbird.

Then I imported it into Thunderbird and it took.

Imported to which tab in the Certificate Manager? You'll need to import your cert and private key underneath the 'Personal' tab.

Sending of the message failed. Unable to sign message.

In order to be able to sign messages, you'll also need to import the private key. Typically cert and private key are bundled. You may be missing the private key though.

do I have to use the GPG Tools

No, not for S/MIME certs.

Predatorian3
Predatorian3 질문자
more options

christ1 said

...

For the Self-Signed Certificate Bundle I did the following

openssl req -x509 -newkey rsa:4096 -keyout myKey.pem -out cert.pem -days 365 -nodes openssl pkcs12 -export -out keyStore.pfx -inkey myKey.pem -in cert.pem
After seeing you say something about S/MIME Certificates, I probalby don't have the correct certificate then in my PFX bundle.