Avatar for Username

搜索 | 用户支持

防范以用户支持为名的诈骗。我们绝对不会要求您拨打电话或发送短信,及提供任何个人信息。请使用“举报滥用”选项报告涉及违规的行为。

详细了解

话题已存档。 如果需要帮助请提出新问题。

How to use a PKCS#12/PFX Bundle to encrypt and sign emails, both CA Signed and Self-Signed.

  • 2 个回答
  • 1 人有此问题
  • 2 次查看
  • 最后回复者为 Predatorian3

Predatorian3
Predatorian3
more options

I am on an OSX Machine, and I believe this will probably go for my Ubuntu setup as well where they already have GnuPG installed. Is there anyway to get those GPG Keys and Certificates presented to Thunderbird without having to use extra software?

When I was looking at importing a new Certificate bundle for signing, I saw that it was asking for a PKCS#12 or PFX bundle. I made a Self-Signed Certificate Bundle. Then I imported it into Thunderbird and it took. However, when I use that Certificate Bundle to sign my emails, I get the following error:

Sending of the message failed. Unable to sign message. Please check that the certificate specified in Mail & Newsgroups Account Settings for this mail account are valid and trusted for mail.

So I went into on OSX Thunderbird -> Preferences -> Advanced -> Certificates -> Manage Certificates. Then I tried to add my Self-Signed Certificate to the Authorities list, but it says that it already exists, but as I went through all the Authorities listed my certificate was not present. Where should I look, or do I have to use the GPG Tools detailed in this Support Page: https://support.mozilla.org/en-US/kb/digitally-signing-and-encrypting-messages#thunderbird:mac:tb52 ?

I am on an OSX Machine, and I believe this will probably go for my Ubuntu setup as well where they already have GnuPG installed. Is there anyway to get those GPG Keys and Certificates presented to Thunderbird without having to use extra software? When I was looking at importing a new Certificate bundle for signing, I saw that it was asking for a PKCS#12 or PFX bundle. I made a Self-Signed Certificate Bundle. Then I imported it into Thunderbird and it took. However, when I use that Certificate Bundle to sign my emails, I get the following error: Sending of the message failed. Unable to sign message. Please check that the certificate specified in Mail & Newsgroups Account Settings for this mail account are valid and trusted for mail. So I went into on OSX Thunderbird -> Preferences -> Advanced -> Certificates -> Manage Certificates. Then I tried to add my Self-Signed Certificate to the Authorities list, but it says that it already exists, but as I went through all the Authorities listed my certificate was not present. Where should I look, or do I have to use the GPG Tools detailed in this Support Page: https://support.mozilla.org/en-US/kb/digitally-signing-and-encrypting-messages#thunderbird:mac:tb52 ?

所有回复 (2)

christ1
christ1
  • Top 25 Contributor
more options
I made a Self-Signed Certificate Bundle.

What exactly does this mean, and what's inside that bundle?

... they already have GnuPG installed.

If you want to use a S/MIME certificate, you don't need GnuPG. If you want to use GnuPG with OpenPGP keys, you'd need to install the Enigmail add-on for Thunderbird.

Then I imported it into Thunderbird and it took.

Imported to which tab in the Certificate Manager? You'll need to import your cert and private key underneath the 'Personal' tab.

Sending of the message failed. Unable to sign message.

In order to be able to sign messages, you'll also need to import the private key. Typically cert and private key are bundled. You may be missing the private key though.

do I have to use the GPG Tools

No, not for S/MIME certs.

Predatorian3
Predatorian3 提问者
more options

christ1 said

...

For the Self-Signed Certificate Bundle I did the following

openssl req -x509 -newkey rsa:4096 -keyout myKey.pem -out cert.pem -days 365 -nodes openssl pkcs12 -export -out keyStore.pfx -inkey myKey.pem -in cert.pem
After seeing you say something about S/MIME Certificates, I probalby don't have the correct certificate then in my PFX bundle.