MozillaZine

can't send S/MIME email to myself using self-signed cert

User Help for Mozilla Thunderbird
bill.shannon
 
Posts: 4
Joined: December 20th, 2010, 3:29 pm

Post Posted September 8th, 2017, 3:23 pm

For testing I'm trying to send an S/MIME signed and/or encrypted message using
Thunderbird 52.2.0 on Solaris.

I followed the instructions here and here to create a self-signed cert using openssl,
import it as a CA and import the cert. I configured my account to use the imported cert.

Still, when I try to send a message to myself, using the email address specified in the cert,
and using the account the cert is associated with, it tells me that it can't send the message
because it "failed to find an encryption certificate for my-email-address".

What am I doing wrong?

tanstaafl
Moderator

User avatar
 
Posts: 43242
Joined: July 30th, 2003, 5:06 pm

Post Posted September 8th, 2017, 10:33 pm

Its been years since I used s/mime. However, its best to test it using two separate accounts, not one. If you want to use just one check that your certificate shows up in both "your certificates" and the "people" tab in the list of security devices. I suspect its been imported only into the first tab.

S/MIME still works but is barely being maintained (based on comments I've read in the tb-planning mailing list). I also vaguely remember some political issues about verifying the pre-installed CA certificates (no manpower to do the review etc.) that came up a year or so ago. OpenPGP (via the Enigmail add-on) seems to have a better future IMHO. Especially if the Thunderbird Council ever decides to work with the p≡p Foundation.

bill.shannon
 
Posts: 4
Joined: December 20th, 2010, 3:29 pm

Post Posted September 13th, 2017, 1:51 pm

I created a second self-signed certificate for a different email address.
I tried to import it on the People tab, but it wouldn't allow that because
the CA was unknown. I imported it on the Authorities tab, and then tried
again to import it on the People tab but it still fails.

It looks like I'm going to need a real cert to even test this...

Return to Thunderbird Support


Who is online

Users browsing this forum: Google Adsense [Bot] and 6 guests