We're calling on all EU-based Mozillians with iOS or iPadOS devices to help us monitor Apple’s new browser choice screens. Join the effort to hold Big Tech to account!

Tìm kiếm hỗ trợ

Tránh các lừa đảo về hỗ trợ. Chúng tôi sẽ không bao giờ yêu cầu bạn gọi hoặc nhắn tin đến số điện thoại hoặc chia sẻ thông tin cá nhân. Vui lòng báo cáo hoạt động đáng ngờ bằng cách sử dụng tùy chọn "Báo cáo lạm dụng".

Tìm hiểu thêm

Recipient's "encrypt-only" S/MIME certificate deemed not valid by Thunderbird

  • 1 trả lời
  • 1 gặp vấn đề này
  • 11 lượt xem
  • Trả lời mới nhất được viết bởi Roland Tanglao

more options

My Thunderbird version at the moment is 102.13.0 (64-bit) running under Linux but the issue is not limited to either this particular version, nor the OS - colleagues running Thunderbird on Windows boxes report the same thing. We deal with an organization which issues their own S/MIME certificates. For a long time it worked flawlessly - we imported their CA as trusted, imported personal certificates of email recipients and everything worked smooth. Lately they started issuing two different certificates per person - one for signing emails, another for encryption. And now since emails from them come with a signature created with a certificate which has "Digital Signature" and "Non Repudiation" uses - everything works fine "inbound". The problem starts if we want to send encrypted emails back to them. Even if we import the encryption certificates we get (those have only "Key Encipherment" usage) and the certificates themselves are valid in any possible way (lifetime, proper CA chain imported and so on), still Thunderbird tells us it can't find proper certificate to encrypt the message.

My Thunderbird version at the moment is 102.13.0 (64-bit) running under Linux but the issue is not limited to either this particular version, nor the OS - colleagues running Thunderbird on Windows boxes report the same thing. We deal with an organization which issues their own S/MIME certificates. For a long time it worked flawlessly - we imported their CA as trusted, imported personal certificates of email recipients and everything worked smooth. Lately they started issuing two different certificates per person - one for signing emails, another for encryption. And now since emails from them come with a signature created with a certificate which has "Digital Signature" and "Non Repudiation" uses - everything works fine "inbound". The problem starts if we want to send encrypted emails back to them. Even if we import the encryption certificates we get (those have only "Key Encipherment" usage) and the certificates themselves are valid in any possible way (lifetime, proper CA chain imported and so on), still Thunderbird tells us it can't find proper certificate to encrypt the message.

Tất cả các câu trả lời (1)

more options

Hi "Crack my back" Perhaps the folks at #openpgp:mozilla.org on Matrix can help

Cheers! ...Roland