Cannot send encrypted mail to user with S/MIME certificate from "Deutsche Telekom AG secure email CA E05"
Categories
(MailNews Core :: Security: S/MIME, defect)
Tracking
(Not tracked)
People
(Reporter: falko.strenzke, Unassigned)
Details
User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0
Steps to reproduce:
I am currently using 128.2.0esr (64-Bit) on Debian 11.
I have in the Thunderbird certificate store the certificates:
- "Deutsche Telekom AG secure email CA E05" (Subject Key ID 45:EF:6F:A8:A7:9A:E4:EB:CA:CC:5E:4F:A0:5A:95:B2:F5:9A:10:20)
- and its issuer "T-TeleSec GlobalRoot Class 2" (Subject Key ID BF:59:20:36:00:79:A0:A0:22:6B:8C:D5:F2:61:D2:B8:2C:CB:82:4A)
I have two contacts who each have a valid S/MIME certificate issued by "Deutsche Telekom AG secure email CA E05". I try to encrypt an email to either of these contacts.
Actual results:
I cannot encrypt mails to these recipients. When I try, the GUI shows that no certificate is found for that recipient.
Expected results:
The certificate should have been found as valid. All my colleages don't seem to have a problem with these certificates. They are mostly working with Thunderbird on Windows.
Updated•4 months ago
|
Comment 1•4 months ago
|
||
You say it's broken with Thunderbird on Debian,
but it's working with Thunderbird on Windows?
Reporter | ||
Comment 2•4 months ago
|
||
That it works under Windows is my conjecture because my colleages who are using Thunderbird on Windows don't seem to have that problem. But it might of course also be a subtle configuration problem on my system. I will try to find another colleage who uses Thunderbird on Linux to see if they have the same problem with those certificates. I will get back to you with more information.
Reporter | ||
Comment 3•4 months ago
|
||
We made some further tests now:
- On a Debian 10 system with Thunderbird 128 the same error occurs for the affected certificate.
- On an OpenSUSE Tumbleweed system with Thunderbird 115.15.0 the encryption to the certificate works (at least no error is shown in the compose window)
Also I recall that "up to some point" the same certificate worked on my system as well. Most likely that point was the update to Thunderbird 128.
Would it help if I sent you one of the affected certificates? Then I would ask the certificate holders if they agree to sharing the certificate with you. I would send it to you on a private channel in that case.
Comment 4•4 months ago
|
||
(In reply to Falko Strenzke from comment #3)
Would it help if I sent you one of the affected certificates? Then I would ask the certificate holders if they agree to sharing the certificate with you. I would send it to you on a private channel in that case.
yes please
Description
•