S/MIME certificates from other people not working
Hi,
I switched from Windows Live Mail to Thunderbird 91 recently (clean install, Windows 10 Pro). My workplace uses Gsuite, I set up IMAP (port 993) in Thunderbird and I'm getting and sending emails just fine. Me and my colleagues use S/MIME certificates by Actalis.
The thing is, I can decrypt most of my colleague emails but there are a couple of people where Thunderbird crossed out the S/MIME icon and says "There are unknown problems with this encrypted message." In Windows Live Mail I can see it's encrypted and I can read it just fine. It's just Thunderbird that's being funny.
After switching from Windows Live Mail, I haven't done anything with the certificates. I'm not sure why it can decrypt some people but it can't decrypt others. Their certificates are all valid and they appear in the certificate manager in Thunderbird.
I'm not really sure what I'm doing wrong or how to fix it, so any help would be appreciated!
Vahaolana nofidina
Okay, I seem to have fixed it. The emails were sent to a group email, all I needed to do was reinstall the certificate for that group email, set up an identity for my own email and restart Thunderbird.
Hamaky an'ity valiny ity @ sehatra 👍 0All Replies (6)
Thunderbird has a strict interpenetration of the specification. The most common issue is the sender is not actually using the address the certificate is for. For instance BWinton and BillWinton are NOT the same email addresses even if they may be the same person. Other common failures is a certificate to "Assistant@Domain being used by BillWinton@Domain because he is the assistant.
It is also possible the person is using an anti virus that actually edits the email (perhaps to put in a meaningless scanned by message.) the result being the checksum of the signed message is not valid, so the message is not secure.
Novain'i Matt t@
Thanks for your input, Matt!
Most coworkers use Thunderbird and don't have the same issue, so it has to be something else. Any way I can troubleshoot this?
you might start by opening the error console (ctrl+Shift+J) and clearing it with the trash can icon. Then try opening one of these mails and see what appears as an error.
Unfortunately there are no errors.
otherwise You might see if there are any experts on the E2EE mailing list that know about logging. https://thunderbird.topicbox.com/groups/e2ee because like just about everything about s/mime there is basically no documentation of how it works or can be logged.
Vahaolana Nofidina
Okay, I seem to have fixed it. The emails were sent to a group email, all I needed to do was reinstall the certificate for that group email, set up an identity for my own email and restart Thunderbird.