Avatar for Username

Cerca nel supporto

Attenzione alle mail truffa. Mozilla non chiederà mai di chiamare o mandare messaggi a un numero di telefono o di inviare dati personali. Segnalare qualsiasi attività sospetta utilizzando l'opzione “Segnala abuso”.

Ulteriori informazioni

Questa discussione è archiviata. Inserire una nuova richiesta se occorre aiuto.

Sending signed messages using smart card does not work with OpenSC on macOS

  • 2 risposte
  • 1 ha questo problema
  • 60 visualizzazioni
  • Ultima risposta di tamersaadeh

tamersaadeh
tamersaadeh
more options

Using a smart card to digitally sign emails does not work. I am able to add it to my list of certificates for my email but I keep getting the following error:

Sending of the message failed. You specified that this message should be digitally signed, but the application either failed to find the signing certificate specified in your Mail & Newsgroup Account Settings, or the certificate has expired.

The certificate is has not expired and the root CA is Actalis which is trusted by Thunderbird (issuer is different though). In any case the certificate is recognised as valid when importing it. I know that the library works in Firefox for client authentication and tested signing PDFs with the smart card with the same OpenSC library.

I am not sure where to look for further logs to try to understand better the issue and solve it. Any help is much appreciated as I would rather use my smart card to sign my emails rather than the free comodo certificate as at least here in Italy the smart card has legal value (it is linked to my identity).

Using a smart card to digitally sign emails does not work. I am able to add it to my list of certificates for my email but I keep getting the following error: Sending of the message failed. You specified that this message should be digitally signed, but the application either failed to find the signing certificate specified in your Mail & Newsgroup Account Settings, or the certificate has expired. The certificate is has not expired and the root CA is Actalis which is trusted by Thunderbird (issuer is different though). In any case the certificate is recognised as valid when importing it. I know that the library works in Firefox for client authentication and tested signing PDFs with the smart card with the same OpenSC library. I am not sure where to look for further logs to try to understand better the issue and solve it. Any help is much appreciated as I would rather use my smart card to sign my emails rather than the free comodo certificate as at least here in Italy the smart card has legal value (it is linked to my identity).

Modificato da tamersaadeh il

Soluzione scelta

The certificate is has not expired and the root CA is Actalis which is trusted by Thunderbird (issuer is different though).

When your personal cert has been issued by an intermediate CA, you'll also need to import the cert of that intermediate CA into Thunderbird. Thunderbird needs to know the entire certificate chain up to the root CA.

In any case the certificate is recognised as valid when importing it.

Along with the cert, did you also import the private key? The private key is needed for signing messages.

Leggere questa risposta nel contesto 👍 1

Tutte le risposte (2)

christ1
christ1
  • Top 25 Contributor
more options

Soluzione scelta

The certificate is has not expired and the root CA is Actalis which is trusted by Thunderbird (issuer is different though).

When your personal cert has been issued by an intermediate CA, you'll also need to import the cert of that intermediate CA into Thunderbird. Thunderbird needs to know the entire certificate chain up to the root CA.

In any case the certificate is recognised as valid when importing it.

Along with the cert, did you also import the private key? The private key is needed for signing messages.

Modificato da christ1 il

tamersaadeh
tamersaadeh Utente che ha posto la domanda
more options

Thank you very much! The error message is really confusing, I think it is better if in the help articles this is mentioned clearly (and in the error message as I wasn't sure what problem it could have been).