can't send S/MIME email to myself using self-signed cert

User Help for Mozilla Thunderbird
Post Reply
bill.shannon
Posts: 4
Joined: December 20th, 2010, 3:29 pm

can't send S/MIME email to myself using self-signed cert

Post by bill.shannon »

For testing I'm trying to send an S/MIME signed and/or encrypted message using
Thunderbird 52.2.0 on Solaris.

I followed the instructions here and here to create a self-signed cert using openssl,
import it as a CA and import the cert. I configured my account to use the imported cert.

Still, when I try to send a message to myself, using the email address specified in the cert,
and using the account the cert is associated with, it tells me that it can't send the message
because it "failed to find an encryption certificate for my-email-address".

What am I doing wrong?
User avatar
tanstaafl
Moderator
Posts: 49647
Joined: July 30th, 2003, 5:06 pm

Re: can't send S/MIME email to myself using self-signed cert

Post by tanstaafl »

Its been years since I used s/mime. However, its best to test it using two separate accounts, not one. If you want to use just one check that your certificate shows up in both "your certificates" and the "people" tab in the list of security devices. I suspect its been imported only into the first tab.

S/MIME still works but is barely being maintained (based on comments I've read in the tb-planning mailing list). I also vaguely remember some political issues about verifying the pre-installed CA certificates (no manpower to do the review etc.) that came up a year or so ago. OpenPGP (via the Enigmail add-on) seems to have a better future IMHO. Especially if the Thunderbird Council ever decides to work with the p≡p Foundation.
bill.shannon
Posts: 4
Joined: December 20th, 2010, 3:29 pm

Re: can't send S/MIME email to myself using self-signed cert

Post by bill.shannon »

I created a second self-signed certificate for a different email address.
I tried to import it on the People tab, but it wouldn't allow that because
the CA was unknown. I imported it on the Authorities tab, and then tried
again to import it on the People tab but it still fails.

It looks like I'm going to need a real cert to even test this...
Post Reply