Avatar for Username

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

This thread was archived. Please ask a new question if you need help.

How to use a PKCS#12/PFX Bundle to encrypt and sign emails, both CA Signed and Self-Signed.

Predatorian3
Predatorian3
more options

I am on an OSX Machine, and I believe this will probably go for my Ubuntu setup as well where they already have GnuPG installed. Is there anyway to get those GPG Keys and Certificates presented to Thunderbird without having to use extra software?

When I was looking at importing a new Certificate bundle for signing, I saw that it was asking for a PKCS#12 or PFX bundle. I made a Self-Signed Certificate Bundle. Then I imported it into Thunderbird and it took. However, when I use that Certificate Bundle to sign my emails, I get the following error:

Sending of the message failed. Unable to sign message. Please check that the certificate specified in Mail & Newsgroups Account Settings for this mail account are valid and trusted for mail.

So I went into on OSX Thunderbird -> Preferences -> Advanced -> Certificates -> Manage Certificates. Then I tried to add my Self-Signed Certificate to the Authorities list, but it says that it already exists, but as I went through all the Authorities listed my certificate was not present. Where should I look, or do I have to use the GPG Tools detailed in this Support Page: https://support.mozilla.org/en-US/kb/digitally-signing-and-encrypting-messages#thunderbird:mac:tb52 ?

I am on an OSX Machine, and I believe this will probably go for my Ubuntu setup as well where they already have GnuPG installed. Is there anyway to get those GPG Keys and Certificates presented to Thunderbird without having to use extra software? When I was looking at importing a new Certificate bundle for signing, I saw that it was asking for a PKCS#12 or PFX bundle. I made a Self-Signed Certificate Bundle. Then I imported it into Thunderbird and it took. However, when I use that Certificate Bundle to sign my emails, I get the following error: Sending of the message failed. Unable to sign message. Please check that the certificate specified in Mail & Newsgroups Account Settings for this mail account are valid and trusted for mail. So I went into on OSX Thunderbird -> Preferences -> Advanced -> Certificates -> Manage Certificates. Then I tried to add my Self-Signed Certificate to the Authorities list, but it says that it already exists, but as I went through all the Authorities listed my certificate was not present. Where should I look, or do I have to use the GPG Tools detailed in this Support Page: https://support.mozilla.org/en-US/kb/digitally-signing-and-encrypting-messages#thunderbird:mac:tb52 ?

All Replies (2)

christ1
christ1
  • Top 25 Contributor
more options
I made a Self-Signed Certificate Bundle.

What exactly does this mean, and what's inside that bundle?

... they already have GnuPG installed.

If you want to use a S/MIME certificate, you don't need GnuPG. If you want to use GnuPG with OpenPGP keys, you'd need to install the Enigmail add-on for Thunderbird.

Then I imported it into Thunderbird and it took.

Imported to which tab in the Certificate Manager? You'll need to import your cert and private key underneath the 'Personal' tab.

Sending of the message failed. Unable to sign message.

In order to be able to sign messages, you'll also need to import the private key. Typically cert and private key are bundled. You may be missing the private key though.

do I have to use the GPG Tools

No, not for S/MIME certs.

Predatorian3
Predatorian3 Question owner
more options

christ1 said

...

For the Self-Signed Certificate Bundle I did the following

openssl req -x509 -newkey rsa:4096 -keyout myKey.pem -out cert.pem -days 365 -nodes openssl pkcs12 -export -out keyStore.pfx -inkey myKey.pem -in cert.pem
After seeing you say something about S/MIME Certificates, I probalby don't have the correct certificate then in my PFX bundle.