Importing Security Certificates

Some authorities that issue email security certificates make use of proprietary code within Internet Explorer to transfer the certificate that you have purchased (or which they have provided to you free) into the IE certificate Store. To be able to use certificates from these issuing authorities with Mozilla Thunderbird you must first use IE to obtain the certificate, export it from there, and then import it into Thunderbird.

To import a certificate once you have it in a stand alone file go into the Tools menu and select Account Settings. Next select the Security tab for one of your email accounts (it doesn't matter which one at this stage).

Toward the bottom of the page you will find a button labelled Manage Certificates that will start the Thunderbird Certificate Manager. Select the Your Certificates tab and then the Import button and go to the folder containing the certificate And select it. You will then have to enter some passwords to both secure the certificate once it is installed and also to confirm that you have the right to install it. You may also need to go to the Authorities tab and repeat the process to import the issuring authority's security certificate if it is not one already known to Thunderbird.

Once you have installed the certificates in the certificate manager you then need to go to the Security page for the specific email account that the certificate belongs to and select to use it for Digital Signing. If you then select to Digitally Sign Messages (by default) then the certificate will be used to "sign" all emails that you send from Thunderbird using that email address. Recipients of those emails will then be able to check the attached security certificate to confirm who the email has really come from as well as confirming that the content of the email that they received matches what you sent and that it has not been altered in any way since it was "signed". This will confirm that no one has been able to intercept the email and alter it in any way.

Note that if the recipient uses an antivirus program that writes a message to the end of all email received advising whether or not a virus was found then the certificate will report this as an altered email. In this instance a change would be being made by the recipient's anti-virus program (which is itself harmless) but the recipient would lose the ability to tell if the email had been tampered with en-route. For this reason I suggest that If you are going to check security certificates on incoming emails that you have your antivirus program only add messages to those emails that it identifies as containing a virus.


This article written by Stephen Chapman, Felgall Pty Ltd.

go to top

FaceBook Follow
Twitter Follow