We're calling on all EU-based Mozillians with iOS or iPadOS devices to help us monitor Apple’s new browser choice screens. Join the effort to hold Big Tech to account!

搜尋 Mozilla 技術支援網站

防止技術支援詐騙。我們絕對不會要求您撥打電話或發送簡訊,或是提供個人資訊。請用「回報濫用」功能回報可疑的行為。

了解更多

S/MIME certificates from other people not working

  • 6 回覆
  • 1 有這個問題
  • 1 次檢視
  • 最近回覆由 Dana

more options

Hi,

I switched from Windows Live Mail to Thunderbird 91 recently (clean install, Windows 10 Pro). My workplace uses Gsuite, I set up IMAP (port 993) in Thunderbird and I'm getting and sending emails just fine. Me and my colleagues use S/MIME certificates by Actalis.

The thing is, I can decrypt most of my colleague emails but there are a couple of people where Thunderbird crossed out the S/MIME icon and says "There are unknown problems with this encrypted message." In Windows Live Mail I can see it's encrypted and I can read it just fine. It's just Thunderbird that's being funny.

After switching from Windows Live Mail, I haven't done anything with the certificates. I'm not sure why it can decrypt some people but it can't decrypt others. Their certificates are all valid and they appear in the certificate manager in Thunderbird.

I'm not really sure what I'm doing wrong or how to fix it, so any help would be appreciated!

Hi, I switched from Windows Live Mail to Thunderbird 91 recently (clean install, Windows 10 Pro). My workplace uses Gsuite, I set up IMAP (port 993) in Thunderbird and I'm getting and sending emails just fine. Me and my colleagues use S/MIME certificates by Actalis. The thing is, '''I can decrypt most of my colleague emails''' but there are a couple of people where Thunderbird crossed out the S/MIME icon and says "There are unknown problems with this encrypted message." In Windows Live Mail I can see it's encrypted and I can read it just fine. It's just Thunderbird that's being funny. After switching from Windows Live Mail, I haven't done anything with the certificates. I'm not sure why it can decrypt some people but it can't decrypt others. Their certificates are all valid and they appear in the certificate manager in Thunderbird. I'm not really sure what I'm doing wrong or how to fix it, so any help would be appreciated!

被選擇的解決方法

Okay, I seem to have fixed it. The emails were sent to a group email, all I needed to do was reinstall the certificate for that group email, set up an identity for my own email and restart Thunderbird.

從原來的回覆中察看解決方案 👍 0

所有回覆 (6)

more options

Thunderbird has a strict interpenetration of the specification. The most common issue is the sender is not actually using the address the certificate is for. For instance BWinton and BillWinton are NOT the same email addresses even if they may be the same person. Other common failures is a certificate to "Assistant@Domain being used by BillWinton@Domain because he is the assistant.

It is also possible the person is using an anti virus that actually edits the email (perhaps to put in a meaningless scanned by message.) the result being the checksum of the signed message is not valid, so the message is not secure.

由 Matt 於 修改

more options

Thanks for your input, Matt!

Most coworkers use Thunderbird and don't have the same issue, so it has to be something else. Any way I can troubleshoot this?

more options

you might start by opening the error console (ctrl+Shift+J) and clearing it with the trash can icon. Then try opening one of these mails and see what appears as an error.

more options

Unfortunately there are no errors.

more options

otherwise You might see if there are any experts on the E2EE mailing list that know about logging. https://thunderbird.topicbox.com/groups/e2ee because like just about everything about s/mime there is basically no documentation of how it works or can be logged.

more options

選擇的解決方法

Okay, I seem to have fixed it. The emails were sent to a group email, all I needed to do was reinstall the certificate for that group email, set up an identity for my own email and restart Thunderbird.