Closed Bug 619039 Opened 14 years ago Closed 13 years ago

Thunderbird failed to find an encryption certificate

Categories

(Thunderbird :: Security, defect)

Product:
Thunderbird
Component:
Security
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
major

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 531073

People

(Reporter: bugzilla, Unassigned)

Details

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 (.NET CLR 3.5.30729) Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.13) Gecko/20101207 Lightning/1.0b3pre Thunderbird/3.1.7 Thunderbird normally collects certificates of users sending me signed mails so that I can send back encrypted Mails. Unfortunately this doesn't seem for some users. Even though the certificate shows up in the certificate manager and is still valid and trusted by a built-in CA (VeriSign Class 1 Public Primary Certification Authority - G3), I cannot send him encrypted Mails. I always get the error message "Sending of message failed. You specified encryption for this message, but the application failed to find an encryption certificate for xxx@xxx.xx" Even if I remove that certificate and read another signed Mail, the certificate will be re-added but sending encrypted mail is still not possible. Is there any log I could activate which could give more information about why that certificate is not picked up automatically? Reproducible: Always
(In reply to comment #0) > Is there any log I could activate which could give more information about why > that certificate is not picked up automatically? First off you should try in -safe-mode (see http://support.mozillamessaging.com/en-US/kb/Safe+Mode) and see if that works better. I assume you didn't see anything in Tools -> Error console ? Are you able to send encrypted/signed emails with some users ?
Component: General → Security
QA Contact: general → thunderbird
Summary: Thunderbird filed to find an encryption certificate → Thunderbird failed to find an encryption certificate
safe mode didn't make a difference, the error console stays empty both in normal and safe mode. One thing I noticed so far: - I can confirm this bug with e-mail addresses under the same domain as one of my e-mails, I'm not 100% sure if this also happened when sending mails to other domains - This bug also appears when sending mails to other addresses I own which I have the certificate stored under "Your Certificates" Encrypting works correctly with those addresses where the certificate is actually found, signing with my own certificates also works correctly.
I found the same problem, this are some additional informations: after having upgraded to Thunderbird 3.1.7 on ten machines the same problem has surfaced. After creating a new crypted message and selecting a persons email from the list ,supplied by the address book, then trying to send the email by clicking on the send email button the email is not sent and the message stays open. When looking at the security certificate it indicates under "status" that the email address certificate is "not found". If I only sign the message the problem does not appears. I have downgraded both machines to 3.1.2 which had worked before and the same problem persists. The machines are Windows XP, vista 64, vista 32, win7 32 and win7 64. Reproducible: Always
This may be the same bug as 531073. If so, it has been around for over a year. 613279 and 614109 are marked as duplicates of 531073. Myself and colleagues started experiencing this a week ago, when a correspondent got a new certificate to replace an expiring one. We both have several expired certificates from this correspondent. Now that a profile that shows this bug has been posted, I hope the status will be changed from Unconfirmed. [It is possible that this might be related to the fact that when Thunderbird receives a message signed with a certificate that is marked as good both for e-mail and as a server certificate, it sometimes put that certificate under Servers, rather than under People. Some of the old certificates from this person are under Servers and some under People.]
This bug to be played back on Linux (Ubuntu 11.04).
Errors in "Error console" doesn't appear.
Yes it appears with expiring certificates. The only way to drive TB to accept a new certificate is to delete all certificates for the contact (all old and new ones) and then restart TB and import a new valid certificate only. This works fine in most cases. But sometimes you need to backup all your partners certificates and to delete the certificate store file (cert8.db) from the profile so that TB recreate it clean (then you must manually import certificates back!). It is very old bug (I see it for at least 6 years). I am sorry TB is behaving completely stupidly about this. I do not see the bug with first valid certificate of the contact. But sometimes the certificate is not allowed to encrypt by options of the issuing CA?
I have the same problem. I think it is something with recipient certificates without CN field.
I have the problem with a certificate that has CN fields and values for both person and issuer. The problem occurs when the certificate is installed in my working profile. When I set up a profile with only this person and the necessary authority certificates, the problem does not occur. So I believe not having a CN field is not the problem.
Is there anything users can do to get the status of this bug changed from Unconfirmed? Cordially, Joaquin
Joaquin can you search for any possible dupliactes (ie bug can be in Thunderbird, seaminkey, mailnews core, Core/PSM, or even NSS).
These bugs may be duplicates or related: 313066 (Product: NSS) 145376 (NSS) 544960 (Thunderbird) 332867 (MailNews Core) 531073 (Core) ...... Not the same, but might have clues: 645680 (Thunderbird, multiple addresses in a single certificate) 572074 (Thunderbird, certificate on LDAP server)
duping so we can have a srong case to get it fixed.
Status: UNCONFIRMED → RESOLVED
Closed: 13 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.