Signing Emails with a DFN Personal Grid Certificate in Mozilla Thunderbird 2 and 3

This help document outlines the required steps to sign emails with a DFN personal Grid certificate in Thunderbird.


The email client Thunderbird has its own certificate database. Therefore the personal certificate must be imported into Thunderbird. Even if Mozilla Firefox has already a copy of your certificate, you still need import it into Thunderbird.

To import the certificate into Thunderbird, it must be available as a .p12 or .pfx file. You can export/backup your certificate to create such a file from your web browser.

Once the file has been created, start Thunderbird and click on

→ Edit → Preferences → Advanced → Certificates → View Certificates → Your Certificates → Import

→ Bearbeiten → Einstellungen → Erweitert → Zertifikate → Zertifikate → Ihre Zertifikate → Importieren

in Linux and choose the file to import. In Windows "Einstellungen" can be found under "Extras". In the English Windows version "Advanced" can be found by clicking →Tools→Options.

You may be prompted to set a master password. This master password protects access to your certificate and your stored passwords.

Warning, important Please use a good and long master password!

Your Grid certificate makes it possible to access thousands of computers in the Grid. Pass phrases containing blanks are allowed here.

Warning, important Please set the master password under → Preferences (→ Einstellungen) if you were not prompted to do that.

Trust the root certificate of the Certification Authority

Thunderbird accepts digital signatures as valid if

  • the personal certificate refers to the root certificate of the Certification Authority and

  • this root certificate is trusted.

The root certificate of the Certification Authority should be available in the "Preferences"/"Options"/"Einstellungen" under

→ Advanced → Certificates → View Certificates → Authorities

→ Erweitert → Zertifikate → Zertifikate → Zertifizierungsstellen

For a DFN personal Grid certificate the root certificate is the following:

DFN-Verein PCA Grid - G01

If missing, it may be downloaded. To edit the root certificate's trust settings select it and press "Edit". At least the root certificate must be able to identify web sites and mail users, as shown in the image.

Needed trust settings for root certificate

After clicking "OK" preparations are finished and you should be able to sign emails using your personal certificate.

Sign emails

While editing the email click on "∇" beside "S/MIME" and check "Digitally Sign This Message".

Sign mail in Thunderbird

You will be asked for your master password.

Thunderbird earmarks signed mails with a little envelope on the right side of the client window. Clicking on the envelope prompts Thunderbird pop up a window with information about the signature.

Signed mail in Thunderbird

Additional help (in German language)

DFN FAQ Mozilla

Import und Aktivierung des DFN-PCA-Grid-Zertifikats in Thunderbird

Edit | Attach | Watch | Print version | History: r9 < r8 < r7 < r6 < r5 | Backlinks | Raw View | WYSIWYG | More topic actions
Topic revision: r9 - 2010-04-14 - TorstenRathmann
    • Cern Search Icon Cern Search
    • TWiki Search Icon TWiki Search
    • Google Search Icon Google Search

    EGEE All webs login

This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright & by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Ask a support question or Send feedback