Signing Message in Thunderbird Results in Error Message

Hi,

I hope this is the right location to post this message. I already
asked in the mozillazine forum at
   http://forums.mozillazine.org/viewtopic.php?p=2987006
and was asked to re-post this question for the experts in this group.

The problem is that I cannot sign a mail using S/MIME. I generated a
certificate using StartCom's service and imported it into Thunderbird.
When trying to send an email signed with this certificate I receive
the following error:

<quote>
Sending of message failed.
Unable to sign message. Please check that the certificates specified
in Mail & Newsgroups Account Settings for this mail account are valid
and trusted.
</quote>

I checked the certificate, and whether its CA was in my list of
authorities. The problem is that I cannot find any indication on where
the error could be. Is there anything I can do?

I've been using the Enigmail plug-in but I am not sure about how it
conforms to standards compared to S/MIME. That's why I wanted to
switch.

Thanks for your help,
Kariem

0
Kariem
7/29/2007 10:16:26 AM
📁 mozilla.dev.security
📃 622 articles.
⭐ 0 followers.

💬 5 Replies
👁️‍🗨️ 965 Views

Hi Kariem,

Nice to see you using StartCom ;-)

Kariem Hussein wrote:
> When trying to send an email signed with this certificate I receive
> the following error:
>
> <quote>
> Sending of message failed.
> Unable to sign message. Please check that the certificates specified
> in Mail & Newsgroups Account Settings for this mail account are valid
> and trusted.
> </quote>
>   
The problem is most likely, that the Intermediate CA certificate isn't 
installed at Thunderbird. It needs it and can't fetch it by its own (a 
known problem). Simply import this file 
http://cert.startcom.org/sub.class1.email.ca.crt or click on this link: 
http://cert.startcom.org/?app=109&type=mail

-- 
Regards
 
Signer:      Eddy Nigg, StartCom Ltd.
Jabber:      [email protected]
Phone:       +1.213.341.0390
0
Eddy
7/29/2007 10:25:10 AM
Wow, thank you for the quick reply.

On Jul 29, 12:25 pm, "Eddy Nigg (StartCom Ltd.)"
<[email protected]> wrote:
> Nice to see you using StartCom ;-)

I could not find anyone else providing a simple export to PKCS#12.
Thanks for this service, by the way!

> Kariem Hussein wrote:
> > <quote>
> > Sending of message failed.
> > Unable to sign message. Please check that the certificates specified
> > in Mail & Newsgroups Account Settings for this mail account are valid
> > and trusted.
> > </quote>
>
> The problem is most likely, that the Intermediate CA certificate isn't
> installed at Thunderbird. It needs it and can't fetch it by its own (a
> known problem). Simply import this filehttp://cert.startcom.org/sub.class1.email.ca.crtor click on this link:http://cert.startcom.org/?app=109&type=mail

That was easy. It's working now. Thank you.

Would have saved me some time if the intermediate CA was in the built-
in list of CAs. Just being curious: why is this CA not in the list?

Bye,
Kariem

0
Kariem
7/29/2007 10:45:52 AM
Kariem Hussein wrote:
> I could not find anyone else providing a simple export to PKCS#12.
> Thanks for this service, by the way!
>   
You are welcome!
>
> That was easy. It's working now. Thank you.
>
> Would have saved me some time if the intermediate CA was in the built-
> in list of CAs. Just being curious: why is this CA not in the list?
>   
Because it's an intermediate CA with limited life time which is chained 
to the CA root. Only the StartCom root is in the NSS store. However the 
fetching of intermediate CAs is being worked on I think (don't find the 
bug right now).


-- 
Regards
 
Signer:      Eddy Nigg, StartCom Ltd.
Jabber:      [email protected]
Phone:       +1.213.341.0390
0
Eddy
7/29/2007 11:09:52 AM
Kariem Hussein wrote:
> I've been using the Enigmail plug-in but I am not sure about how it
> conforms to standards compared to S/MIME. That's why I wanted to
> switch.

EnigMail conforms to standards, but not to the S/MIME-Standard. :-)
It uses OpenPGP and PGP/MIME.
S/MIME and OpenPGP use similar encryption methods, but are,
unfortunately, not compatible.

Cheers, Jan
0
Jan
7/29/2007 12:32:26 PM
On Jul 29, 2:32 pm, Jan Steffen <[email protected]> wrote:
> Kariem Hussein wrote:
> > I've been using the Enigmail plug-in but I am not sure about how it
> > conforms to standards compared to S/MIME. That's why I wanted to
> > switch.
>
> EnigMail conforms to standards, but not to the S/MIME-Standard. :-)
> It uses OpenPGP and PGP/MIME.
> S/MIME and OpenPGP use similar encryption methods, but are,
> unfortunately, not compatible.

Thank you, Jan.

My wording was not very clear, sorry. I wanted to say that I did not
know, whether PGP was built on a standard other than those evolved
from from the original PGP in the early 90s. I found some information
here, and of course at Wikipedia.

There is certainly very good information on Wikipedia about S/MIME and
OpenPGP and PGP/MIME, but I am still not sure about (future built-in)
support in standard email applications or even browsers using webmail.
Currently I'd favor S/MIME with capabilities built into popular mail
clients and browsers.

I just cannot imagine how I could send signed mails, if the receiving
party has to install additional software to verify the signature.


Cheers,
Kariem

0
Kariem
7/31/2007 11:43:56 AM
Reply: