S/MIME Inconsistent Behavior
I need help troubleshooting some inconsistent behavior with S/MIME.
Platform: Oracle Linux 7.9
Thunderbird Version: 128.6.1esr
Smart Card: Identrust ECA Medium Assurance Token
Background:
- Previously, I've used this card to sign and encrypt email. It is definitely associated with the email address I'm trying to use it for.
- Thunderbird WILL let me use this smart card to decrypt emails that I previously sent to myself. Thunderbird reports that the emails were also signed (accurate), and that the CA/trust chain is valid.
- OpenSC and PCSC are both installed and appear to be happy.
Inconsistent Behavior:
- Thunderbird will not allow me to add my personal certificate (smart card) for S/MIME signing or encryption. The certificate manager says it cannot find a certificate associated with my email address. Drafting a new email does not offer options to Sign or Encrypt.
- Device Manager shows that the smart card's status is 'Logged In' (PIN was entered correctly).
- Thunderbird is using the smart card to decrypt and validate the signature of emails I previously sent to myself. (When I try to open these emails WITHOUT my smart card inserted, I cannot decrypt these emails. If I try to open the emails before entering my PIN, I get prompted to enter my PIN.)
So I can decrypt emails with this card. Emails signed with this card are valid. Thunderbird can use this card for decryption, and reports no issue with the certificate->email address relationship. But when I try to add the card for signing and encrypting new emails, Thunderbird fails to find it, or fails to associate it with my email address.
I suspect that the error reported is inaccurate/unhelpful, but I don't know where to go from here.