Mozilla 도움말 검색

고객 지원 사기를 피하세요. 저희는 여러분께 절대로 전화를 걸거나 문자를 보내거나 개인 정보를 공유하도록 요청하지 않습니다. "악용 사례 신고"옵션을 사용하여 의심스러운 활동을 신고해 주세요.

자세히 살펴보기

How to exchange encryption key/certificate with other users

  • 13 답장
  • 0 이 문제를 만남
  • 최종 답변자: christ1

more options

I have imported a certificate and setup my Thunderbird. When I try to send an email using encryption it won't send and Thunderbird displays the message ' End-to-end ecryption requires resolving certificate issues for XXXX@ddd.com'

How do I resolve this ?

I have imported a certificate and setup my Thunderbird. When I try to send an email using encryption it won't send and Thunderbird displays the message ' End-to-end ecryption requires resolving certificate issues for XXXX@ddd.com' How do I resolve this ?

모든 댓글 (13)

more options
I have imported a certificate and setup my Thunderbird.

What cert exactly? Please be specific.

When I try to send an email using encryption it won't send and Thunderbird displays the message ' End-to-end ecryption requires resolving certificate issues for XXXX@ddd.com'

Please post a screenshot of the error. https://support.mozilla.org/kb/how-do-i-create-screenshot-my-problem

In general, you'd have to obtain the cert of the intended recipient and import it into your Thunderbird to be able to send encrypted messages to that recipient.

도움이 되셨습니까?

more options

Thank you for the reply. I have two Certificates one for email signatures and one for Encryption both are from a certified CA. They have functioned well with MS Outlook until Outlook 2016 stopped working for me and Microsoft could not solve the issue. I tried going to the new Outlook (their only possible solution) and the new Outlook does not support Certificates. So I am trying Thunderbird. I have gone trough the Import Certificate and create a backup process to obtain the .p12 format for Thunderbird. When I try to send an email with my signature to an associate I get the "Unable to sign screenshot1" attached here. (Then, as Mozilla tries to save the email as a "draft" I get the "Unable to save Draft Screenshot1" attached here.) My goal is to send signature and Encrypted emails to my customers and associates. When I get an encrypted email from an associate, Thunderbird posts this cannot decrypt message (screenshot attached) "Cannot Decrypt message screenshot1" in the text field of the email.

도움이 되셨습니까?

more options
I have two Certificates one for email signatures and one for Encryption both are from a certified CA.

You may have two files, but there is only one cert. You need to use the file which also includes the private key and import it into Thunderbird.

Then open the Thunderbird Certificate Manager. At the top right of the Thunderbird window, click the menu button ≡ > Settings > Privacy & Security > Certificates > Manage Certificates

Select the "Your Certificates" tab. Do you see your cert? If yes, select it - View.

The Common Name field should be your email address. Does it match your account email address?

Is the cert (still) valid?

Take a screenshot of the "Public Key Info" and "Miscellaneous" sections, and post it here. https://support.mozilla.org/kb/how-do-i-create-screenshot-my-problem

I have gone trough the Import Certificate and create a backup process to obtain the .p12 format for Thunderbird.

Not sure what you're talking about. How can you backup the cert if you haven't imported it into Thunderbird in the first place? Please explain.

글쓴이 christ1 수정일시

도움이 되셨습니까?

more options

In The Certificate Manager. In the Common Name Field I see "my name:certificate number". I do NOT see my email address, colon, followed by the cert number? The cert is still valid, yes. Public Key & Miscellaneous screenshot attached. We went through the "Import/Back-up certificate" process in Thunderbird when I first set it up. Sorry for the confusion. I believe I performed that step correctly as we did see the .p12 file format..

도움이 되셨습니까?

more options
In The Certificate Manager.

Very funny. Once again: The Certificate Manager has multiple tabs. In which tab do you see your cert?

Do you see your email address anywhere in the cert? If so, which field?

We went through the "Import/Back-up certificate" process in Thunderbird when I first set it up.

Import and Backup are separate buttons in the Certificate Manager. So I still have no idea what you're talking about.

I believe I performed that step correctly as we did see the .p12 file format..

I don't understand what that means. You need to be more specific about what you did do when importing the cert.

The cert should also have a "Extended Key Usages" section. It should look like this: Purposes Client Authentication, E-mail Protection

Does your cert have an "E-mail Protection" purpose listed, or something in that sense?

글쓴이 christ1 수정일시

도움이 되셨습니까?

more options

I see the certs in the "Your Certificates" Tab in the Cert Manager. This same tab is where we did the "Backup" to generate the .p12 file using the buttons at the bottom of that tab. The only place I see my email address is when I "view" the certificate (from the same "Your Certificates" tab, and I see my email under, "Subject Alt Names"..

도움이 되셨습니까?

more options
The only place I see my email address is when I "view" the certificate (from the same "Your Certificates" tab, and I see my email under, "Subject Alt Names"..

Good. Does the email address in the cert match your account email?

Now, go to your account settings: At the top right of the Thunderbird window, click the menu button ≡ > Account Settings > End-To-End Encryption > S/MIME.

Did you select the correct cert for both, signing, and encryption?

글쓴이 christ1 수정일시

도움이 되셨습니까?

more options

I believe I have. There are two certs with the same cert number, but they have two different "serial Numbers". Is it possible that I have the cert for encryption selected for signing and the signing selected for encryption?

도움이 되셨습니까?

more options
There are two certs with the same cert number, but they have two different "serial Numbers".

So you do have two different certs.

Check the serial no. of the cert underneath the "Your Certificates" tab in the Certificate Manager.

Then use this cert for both, signing, and encryption in Account Settings.

Delete the other cert in Certificate Manager.

도움이 되셨습니까?

more options

Get a message now cannot locate cert for encryption...(screenshot attached)..

도움이 되셨습니까?

more options

I assume you are using s/mime encryption based on having certificates from a CA.

Encryption requires both you and the recipient to have encryption certificates. You have yours, but you can not send a message to someone encrypted that they will be able to decrypt until you first exchange a non encrypted email with a digital signature as that digital signature is the public key they will use to decrypt your mail. You probably have a long history of personal certificates for correspondents somewhere that is not going to be present in Thunderbird.

See this old discussion on the use of the windows store. https://support.mozilla.org/en-US/questions/1272378

Have you read the prerequisites support article https://support.mozilla.org/en-US/kb/thunderbird-help-cannot-encrypt

도움이 되셨습니까?

more options

Yes, I am using the s/mime encryption. I will go back and read the information in the supplied links. Thank you to both of you for responding. I will check back in after I do some more homework. It is unclear to me if I have two certs one for Encryption and one for Signatures from the CA. I'm far fram being and expert on this stuff, just simply a user!

도움이 되셨습니까?

more options
It is unclear to me if I have two certs one for Encryption and one for Signatures from the CA.

As stated before, there is only one cert for both. More precisely, the private key is for signing, the cert (which is essentially the public key) is for encryption when sending a message. The file you import into Thunderbird needs to have both, the cert, and the private key. Note, when sending messages to other recipients, you'll also need their cert.

It is not clear to me why you think you do need two certs, and what's in the two files you imported into Thunderbird.

도움이 되셨습니까?

질문하기

글에 답글을 달기 위해서는 계정으로 로그인해야만 합니다. 계정이 아직 없다면 새로운 질문을 올려주세요.