Mozilla 도움말 검색

고객 지원 사기를 피하세요. 저희는 여러분께 절대로 전화를 걸거나 문자를 보내거나 개인 정보를 공유하도록 요청하지 않습니다. "악용 사례 신고"옵션을 사용하여 의심스러운 활동을 신고해 주세요.

자세히 살펴보기

Cannot Send Signed Email via CAC Card

  • 8 답장
  • 1 이 문제를 만남
  • 1 보기
  • 최종 답변자: cpdjh02

more options

I think I’ve followed all the steps to get Thunderbird signing and encrypting emails using my CAC.

I set up my CAC card reader as a security devise and was able to select one of my CAC certificate as the certificate used to sign emails and one to use for encrypting emails. I’m able to successfully read encrypted emails and I can send encrypted emails to folks but I can’t send a signed email. When I try to do so I first get prompted for my CAC pin and then the following error is presented: “Sending of the message failed. Unable to sign message. Please check that the certificates specified in Mail & Newsgroups Account Settings for this mail account are valid and trusted for mail.”

I have all the DOD Certificate Authorities installed and I can see them all in the certificate manager. I set all of the DOD Email CA-## certificate trust settings to have the “This certificate can identify mail users” option checked. I also did the same for the DOD Root Certs.

I’m using Thunderbird 52.6.0 (32-bit) on Windows 7.

Can anyone help me with what I’m doing wrong?

I think I’ve followed all the steps to get Thunderbird signing and encrypting emails using my CAC. I set up my CAC card reader as a security devise and was able to select one of my CAC certificate as the certificate used to sign emails and one to use for encrypting emails. I’m able to successfully read encrypted emails and I can send encrypted emails to folks but I can’t send a signed email. When I try to do so I first get prompted for my CAC pin and then the following error is presented: “Sending of the message failed. Unable to sign message. Please check that the certificates specified in Mail & Newsgroups Account Settings for this mail account are valid and trusted for mail.” I have all the DOD Certificate Authorities installed and I can see them all in the certificate manager. I set all of the DOD Email CA-## certificate trust settings to have the “This certificate can identify mail users” option checked. I also did the same for the DOD Root Certs. I’m using Thunderbird 52.6.0 (32-bit) on Windows 7. Can anyone help me with what I’m doing wrong?
첨부된 스크린샷

모든 댓글 (8)

more options

Are you certain the corresponding private key for the signing cert is on that card?

more options

Yeah, I'm certain. I use the same card to sign emails with outlook and it works.

more options

Did this ever work with Thunderbird before?

Do you need to enable FIPS for your CAC card reader security device? Doesn't have the DOD any instructions or manuals how to set this up properly in Thunderbird?

Since Thunderbird for Windows is 32-bit only, make sure there is no 32-bit / 64-bit mismatch. See https://support.mozilla.org/en-US/questions/752709

글쓴이 christ1 수정일시

more options

Thanks for working with me on this christ1. I'm new to Thunderbird and haven't gotten this to work before. I tried going to my security devices and enabling FIPS mode but I still get the same error. "Sending of the message failed. Unable to sign message. Please check that the certificates specified in Mail & Newsgroups Account Settings for this mail account are valid and trusted for mail"

Since I can send encrypted emails it seems that certs can be pulled from my CAC ok but I'm not sure why the cert it pulls off for signing is not recognized as trusted

more options
more options

I am using the 32 bit version of the .dll. The module loads fine for me and I can use the certs on the CAC card to encrypt email so I don't think that is the issue.

more options
Since I can send encrypted emails it seems that certs can be pulled from my CAC ok but I'm not sure why the cert it pulls off for signing is not recognized as trusted

Encrypting doesn't require access to the private key. Signing does. So I can only guess that there is still some sort of pin or passphrase required to unlock the private key. Using different certs for encryption and signing sounds odd to me, but this may be intentionally.

more options

My CAC has 3 certs on it and when I'm selecting the certificates in the Security settings I'm not getting to choose the cert it only gives me one cert to choose from for the Digital Signing and it only gives me one choice for Encryption, and the certs it choose are different. I'm guessing it uses the 'Certificate Key Usage' certificate field to determine which one to use.

When I try to send a signed email I am getting prompted for the CACs pin, if that helps any.