Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

S/MIME certificates from other people not working

  • 6 replies
  • 1 has this problem
  • 274 views
  • Last reply by Dana

more options

Hi,

I switched from Windows Live Mail to Thunderbird 91 recently (clean install, Windows 10 Pro). My workplace uses Gsuite, I set up IMAP (port 993) in Thunderbird and I'm getting and sending emails just fine. Me and my colleagues use S/MIME certificates by Actalis.

The thing is, I can decrypt most of my colleague emails but there are a couple of people where Thunderbird crossed out the S/MIME icon and says "There are unknown problems with this encrypted message." In Windows Live Mail I can see it's encrypted and I can read it just fine. It's just Thunderbird that's being funny.

After switching from Windows Live Mail, I haven't done anything with the certificates. I'm not sure why it can decrypt some people but it can't decrypt others. Their certificates are all valid and they appear in the certificate manager in Thunderbird.

I'm not really sure what I'm doing wrong or how to fix it, so any help would be appreciated!

Hi, I switched from Windows Live Mail to Thunderbird 91 recently (clean install, Windows 10 Pro). My workplace uses Gsuite, I set up IMAP (port 993) in Thunderbird and I'm getting and sending emails just fine. Me and my colleagues use S/MIME certificates by Actalis. The thing is, '''I can decrypt most of my colleague emails''' but there are a couple of people where Thunderbird crossed out the S/MIME icon and says "There are unknown problems with this encrypted message." In Windows Live Mail I can see it's encrypted and I can read it just fine. It's just Thunderbird that's being funny. After switching from Windows Live Mail, I haven't done anything with the certificates. I'm not sure why it can decrypt some people but it can't decrypt others. Their certificates are all valid and they appear in the certificate manager in Thunderbird. I'm not really sure what I'm doing wrong or how to fix it, so any help would be appreciated!

Chosen solution

Okay, I seem to have fixed it. The emails were sent to a group email, all I needed to do was reinstall the certificate for that group email, set up an identity for my own email and restart Thunderbird.

Read this answer in context 👍 0

All Replies (6)

more options

Thunderbird has a strict interpenetration of the specification. The most common issue is the sender is not actually using the address the certificate is for. For instance BWinton and BillWinton are NOT the same email addresses even if they may be the same person. Other common failures is a certificate to "Assistant@Domain being used by BillWinton@Domain because he is the assistant.

It is also possible the person is using an anti virus that actually edits the email (perhaps to put in a meaningless scanned by message.) the result being the checksum of the signed message is not valid, so the message is not secure.

Modified by Matt

more options

Thanks for your input, Matt!

Most coworkers use Thunderbird and don't have the same issue, so it has to be something else. Any way I can troubleshoot this?

more options

you might start by opening the error console (ctrl+Shift+J) and clearing it with the trash can icon. Then try opening one of these mails and see what appears as an error.

more options

Unfortunately there are no errors.

more options

otherwise You might see if there are any experts on the E2EE mailing list that know about logging. https://thunderbird.topicbox.com/groups/e2ee because like just about everything about s/mime there is basically no documentation of how it works or can be logged.

more options

Chosen Solution

Okay, I seem to have fixed it. The emails were sent to a group email, all I needed to do was reinstall the certificate for that group email, set up an identity for my own email and restart Thunderbird.