Thunderbird and S/MIME certificates: fixing "Unable to sign message." error

I had to generate some SSL certificates and use them to sign emails for a class recently. After creating the PKCS#12 file and importing it into Thunderbird I tried sending an email, which resulted in an error message:

Sending of message failed. Unable to sign message. Please check that the certificates specified in Mail & Newsgroups Account Settings for this mail account are valid and trusted.

First I tried adding the Certificate Authority that had signed my SSL certificate into Thunderbird's Certificate Manager, under the Authorities tab. Thunderbird complained about it already being in the list though. So I searched the list for it (why the hell isn't it filterable? There's tonnes of Authorities ugh) and after quite a while —I wasn't sure whether it was going to be listed under the SSL cert's OU, the CA's OU or the root CA's OU— I finally found the cursed CA under the root CA's OU. Along with the root CA.

Upon clicking "Edit" on both CAs I got a lovely window with three unchecked options:

  • This certificate can identify web sites.
  • This certificate can identify mail users.
  • This certificate can identify software makers.

I guess that's why Thunderbird wasn't able to sign my test email. Checking the second one fixed my problems.

Just as well Thunderbird didn't ask me whether I trust the CA (and its parent CA) that issued my SSL cert when I added it. It might have been a painless experience.

This post brought to you by

Some UX superhero or something?

About johnny

Computers have interested me since I can remember and conveniently I studied computer science. I also enjoy performing in a local amateur theatre group and cycling. This is where I post solutions to problems I've had in the office or any other project, hopefully clearly enough to refer back to in the future.
This entry was posted in Uncategorized. Bookmark the permalink.

2 Responses to Thunderbird and S/MIME certificates: fixing "Unable to sign message." error

  1. John Conant says:

    This info is JUST what I needed to know. Thanks for posting it!!

  2. Thanks for sharing. Just spend 3 hrs trying to get my new digital signature to work. Double checked everything but nothing worked - until I found the 3 check-boxes :)

Leave a Reply

Your email address will not be published. Required fields are marked *


You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>