Hi, I hope this is the right location to post this message. I already asked in the mozillazine forum at http://forums.mozillazine.org/viewtopic.php?p=2987006 and was asked to re-post this question for the experts in this group. The problem is that I cannot sign a mail using S/MIME. I generated a certificate using StartCom's service and imported it into Thunderbird. When trying to send an email signed with this certificate I receive the following error: <quote> Sending of message failed. Unable to sign message. Please check that the certificates specified in Mail & Newsgroups Account Settings for this mail account are valid and trusted. </quote> I checked the certificate, and whether its CA was in my list of authorities. The problem is that I cannot find any indication on where the error could be. Is there anything I can do? I've been using the Enigmail plug-in but I am not sure about how it conforms to standards compared to S/MIME. That's why I wanted to switch. Thanks for your help, Kariem
![]() |
0 |
![]() |
Hi Kariem, Nice to see you using StartCom ;-) Kariem Hussein wrote: > When trying to send an email signed with this certificate I receive > the following error: > > <quote> > Sending of message failed. > Unable to sign message. Please check that the certificates specified > in Mail & Newsgroups Account Settings for this mail account are valid > and trusted. > </quote> > The problem is most likely, that the Intermediate CA certificate isn't installed at Thunderbird. It needs it and can't fetch it by its own (a known problem). Simply import this file http://cert.startcom.org/sub.class1.email.ca.crt or click on this link: http://cert.startcom.org/?app=109&type=mail -- Regards Signer: Eddy Nigg, StartCom Ltd. Jabber: [email protected] Phone: +1.213.341.0390
![]() |
0 |
![]() |
Wow, thank you for the quick reply. On Jul 29, 12:25 pm, "Eddy Nigg (StartCom Ltd.)" <[email protected]> wrote: > Nice to see you using StartCom ;-) I could not find anyone else providing a simple export to PKCS#12. Thanks for this service, by the way! > Kariem Hussein wrote: > > <quote> > > Sending of message failed. > > Unable to sign message. Please check that the certificates specified > > in Mail & Newsgroups Account Settings for this mail account are valid > > and trusted. > > </quote> > > The problem is most likely, that the Intermediate CA certificate isn't > installed at Thunderbird. It needs it and can't fetch it by its own (a > known problem). Simply import this filehttp://cert.startcom.org/sub.class1.email.ca.crtor click on this link:http://cert.startcom.org/?app=109&type=mail That was easy. It's working now. Thank you. Would have saved me some time if the intermediate CA was in the built- in list of CAs. Just being curious: why is this CA not in the list? Bye, Kariem
![]() |
0 |
![]() |
Kariem Hussein wrote: > I could not find anyone else providing a simple export to PKCS#12. > Thanks for this service, by the way! > You are welcome! > > That was easy. It's working now. Thank you. > > Would have saved me some time if the intermediate CA was in the built- > in list of CAs. Just being curious: why is this CA not in the list? > Because it's an intermediate CA with limited life time which is chained to the CA root. Only the StartCom root is in the NSS store. However the fetching of intermediate CAs is being worked on I think (don't find the bug right now). -- Regards Signer: Eddy Nigg, StartCom Ltd. Jabber: [email protected] Phone: +1.213.341.0390
![]() |
0 |
![]() |
Kariem Hussein wrote: > I've been using the Enigmail plug-in but I am not sure about how it > conforms to standards compared to S/MIME. That's why I wanted to > switch. EnigMail conforms to standards, but not to the S/MIME-Standard. :-) It uses OpenPGP and PGP/MIME. S/MIME and OpenPGP use similar encryption methods, but are, unfortunately, not compatible. Cheers, Jan
![]() |
0 |
![]() |
On Jul 29, 2:32 pm, Jan Steffen <[email protected]> wrote: > Kariem Hussein wrote: > > I've been using the Enigmail plug-in but I am not sure about how it > > conforms to standards compared to S/MIME. That's why I wanted to > > switch. > > EnigMail conforms to standards, but not to the S/MIME-Standard. :-) > It uses OpenPGP and PGP/MIME. > S/MIME and OpenPGP use similar encryption methods, but are, > unfortunately, not compatible. Thank you, Jan. My wording was not very clear, sorry. I wanted to say that I did not know, whether PGP was built on a standard other than those evolved from from the original PGP in the early 90s. I found some information here, and of course at Wikipedia. There is certainly very good information on Wikipedia about S/MIME and OpenPGP and PGP/MIME, but I am still not sure about (future built-in) support in standard email applications or even browsers using webmail. Currently I'd favor S/MIME with capabilities built into popular mail clients and browsers. I just cannot imagine how I could send signed mails, if the receiving party has to install additional software to verify the signature. Cheers, Kariem
![]() |
0 |
![]() |