Mozilla 도움말 검색

고객 지원 사기를 피하세요. 저희는 여러분께 절대로 전화를 걸거나 문자를 보내거나 개인 정보를 공유하도록 요청하지 않습니다. "악용 사례 신고"옵션을 사용하여 의심스러운 활동을 신고해 주세요.

자세히 살펴보기

Does not use macos certificate store for recipient public cert

  • 8 답장
  • 2 이 문제를 만남
  • 13 보기
  • 최종 답변자: kramaric

more options

I have imported a vCard with a public certificate attaced. The person is now in the macos address book, and has a checkmark to the left of the email. This is clickable and shows a valid certificate.

Thunderbird however does not see this certificate, and I am therefore unable to send an signed and encrypted email to this recipient.

If I try to import the certificate into Thunderbirds certificate store through preferences / advanced / certificates / manage certificates / people / import

I have imported a vCard with a public certificate attaced. The person is now in the macos address book, and has a checkmark to the left of the email. This is clickable and shows a valid certificate. Thunderbird however does not see this certificate, and I am therefore unable to send an signed and encrypted email to this recipient. If I try to import the certificate into Thunderbirds certificate store through preferences / advanced / certificates / manage certificates / people / import
첨부된 스크린샷

글쓴이 kramaric 수정일시

선택된 해결법

Hi Chris,

I found a solution.

After adding both my certificate and the recipient to the Firefox cert store, I was able to add them to Thunderbird. Don't understand why this was necessary at all.

Happy Easter.

문맥에 따라 이 답변을 읽어주세요 👍 0

모든 댓글 (8)

more options

There's not much to tell without any more details about the cert.

I am therefore unable to send an signed and encrypted email to this recipient.

You don't need the recipients cert in order to send signed messages.

more options

Hi Chris,

Thanks for trying.

What would you like to know about the cert?

You are right that the recipients public cert is not necessary, but that is not what I am asking for. I need the ability to send it both signed and encrypted.

I can provide the following information if that will help. In Denmark we have a government controlled certificate authority, which can supply any citizen and company entity with a digital certificate to identify them. If one has the need, you can also add an email to the cert, so that encryption is possible as well.

I acces the cert store on the following page, where I search by recipient email:

https://service.nemid.nu/dk-da/support/soeg_certifikat/

In the field "E-mail-adresse" I enter: JJM@JJM-ADV.DK This yields two results. The one I need to send to is the second one:

  Jacqueline Mwenesani
  JJM@JJM-ADV.DK
  JJM Advokatfirma // CVR:37170747

The vCard download will add their public cert along with contact details into the Contacts app. Thunderbird does see the contact detail, but does not appear to access the cert. I then tried to download the cert using "Hent certifikat" and import it straight into Thunderbird. This fails.

This is where I am stuck. I don't what to try next.

more options

Assuming you do have the cert in .pem format. You could put that into an online certificate decoder, and see whether it's readable there. https://www.sslchecker.com/certdecoder

What would you like to know about the cert?

Basically all the cert details, ideally the cert itself.

more options

I gave you the instruction on how to fetch the cert. Let me know if there's another way of getting it to you.

I don't have the cert i pem format.

more options

The cert only has a MD5 and SHA-1 hash. Both hash types are outdated, and are not supported anymore, neither by Firefox nor Thunderbird. https://blog.mozilla.org/security/2014/09/23/phasing-out-certificates-with-sha-1-based-signature-algorithms/ As the cert has only been issued in Feb 2018, this whole government controlled certificate authority looks ridiculous to me.

글쓴이 christ1 수정일시

more options

I find your statement odd. Why would the cert state that the signature algorithm is: SHA-256 with RSA Encryption ( 1.2.840.113549.1.1.11 ) on my mac's keychain?

more options

I was using the certificate decoder linked above. It did show a SHA-1 and MD5 hash. Using the openssl command it did show 'sha256WithRSAEncryption'.

> openssl x509 -in JacquelineMwenesani.cer -text -noout
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1467516816 (0x57788790)
    Signature Algorithm: sha256WithRSAEncryption

So the hash thing was a false alarm.

Can you check the error console after trying to import the cert? Press Ctrl-Shift-J

You may still need to import the CA cert first and any intermediate certs in case they exist.

more options

선택된 해결법

Hi Chris,

I found a solution.

After adding both my certificate and the recipient to the Firefox cert store, I was able to add them to Thunderbird. Don't understand why this was necessary at all.

Happy Easter.