To sign an email with a certificate, you should:
How to Configure the Certificate on Thunderbird
To access your certificate in token or smartcard format you must
Add module PKCS#11
- In the Thunderbird Options window, select the [Advanced] option on the left, and then select [Certificates].
- Select "Always Ask" and check "Query OCSP responder servers to confirm the validity of certificates".
- Click [Device Manager].
- Enter and click [Load].
- In the box that appears, enter the following information:
- Module Name: Safenet PKCS#11
- Module file name: C:\Windows\System32\eTPKCS11.dll
- Click [OK].
- You will see that the PKCS#11 driver is already configured in Thunderbird.
- Confirm that the certificate is already recognized (appears on the right) and add certificates from the certificate chain:
- Click [Manage Certificates].
- Enter the certificate PIN received by SMS.
- Verify that the signature certificate appears under [Your Certificates].
- Under [Authorities], add the Multicert Root CA Certificate by clicking [Import].
- Select MCRootCA.cer and click Open.
- In the Import Certificate dialog, check both purposes:
- [x] Trust this certification authority to identify websites
- [x] Trust this CA to identify email users
- Click [OK].
- Return to [Authorities] to add the Multicert Root CA Certificate again: click [Import].
- Now select TSCA_002.cer and click Open.
- In the Import Certificate dialog, check both purposes:
- [x] Trust this certification authority to identify websites
- [x] Trust this CA to identify email users
- Click [OK]. The Multicert certificates should now appear: Multicert Root Certification Authority 01 and Multicert Trust Services Certification Authority 002.
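Because both files are given full trust for websites and email, it is worth inspecting them before clicking [Import]. The PowerShell below is an added example, not part of the original instructions: it prints each file's SHA-256 fingerprint for comparison with the value the CA publishes, and checks that TSCA_002.cer chains to MCRootCA.cer. It assumes both files are in the current folder.

```powershell
using namespace System.Security.Cryptography
using namespace System.Security.Cryptography.X509Certificates

# Assumption: the two CA files named in the steps above are in this folder.
$Dir = (Resolve-Path '.').Path

function Get-Sha256Fingerprint([X509Certificate2]$Cert) {
    # SHA-256 over the DER encoding, formatted as colon-separated hex.
    $sha = [SHA256]::Create()
    try { [BitConverter]::ToString($sha.ComputeHash($Cert.RawData)) -replace '-', ':' }
    finally { $sha.Dispose() }
}

$root = [X509Certificate2]::new((Join-Path $Dir 'MCRootCA.cer'))
$tsca = [X509Certificate2]::new((Join-Path $Dir 'TSCA_002.cer'))

# Build the chain for the issuing CA. ExtraStore makes the root file available
# to the chain builder; AllowUnknownCertificateAuthority lets the build succeed
# even though the root is not yet trusted, so the top element is compared
# explicitly against the root file below.
$chain = [X509Chain]::new()
$chain.ChainPolicy.RevocationMode = [X509RevocationMode]::NoCheck
$chain.ChainPolicy.VerificationFlags = [X509VerificationFlags]::AllowUnknownCertificateAuthority
[void]$chain.ChainPolicy.ExtraStore.Add($root)
$built = $chain.Build($tsca)
$top = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate

# Details to compare by eye with what the CA publishes.
$root, $tsca | ForEach-Object {
    [pscustomobject]@{
        Subject  = $_.Subject
        Issuer   = $_.Issuer
        NotAfter = $_.NotAfter
        SHA256   = Get-Sha256Fingerprint $_
    }
} | Format-List

# Structural checks: a root names itself as issuer, and the issuing CA's
# signature chain must end at exactly the root file being imported.
[pscustomobject]@{
    RootIsSelfIssued = ($root.Subject -eq $root.Issuer)
    TscaChainsToRoot = ($built -and $top.Thumbprint -eq $root.Thumbprint)
    ChainStatus      = ($chain.ChainStatus.Status -join ', ')
} | Format-List
```

Revocation is not checked here; the script only confirms that the two files belong together and gives fingerprints to compare out of band.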
Select your certificate to sign e-mails
- Go to [Account Settings] and choose the [Security] option, then click [Select] in the Digital Signature section.
- Choose the "Qualified Signature" certificate.
- Note: The email on the certificate must match the one on the account you intend to send from. Click [OK].
- Then answer No to the certificate encryption configuration.
- Returning to the [Security] option with the certificate configured, you can confirm the changes by clicking [OK].
- Optionally, if you want to digitally sign all messages sent from Thunderbird, you can check the option "Digitally sign messages (default)." In this case, you won't need to configure the signature for each message, which is the next step in these instructions.
Send a digitally signed Email with Thunderbird
- Create a new email.
- Click [Security] and choose "Digitally sign message". You should see an icon [Sealed message] appear in the bottom right corner, indicating that the email will be signed when sent. When the email is ready, click [Send].