Configure S/MIME on Mozilla Thunderbird

You are here:

After successfully collecting the certificate on your system, you must export the certificate from the browser in which you originally collected the certificate to a PFX / P12 format. You can then follow the Import instructions in this post.

Import your certificate into Mozilla Thunderbird:

  1. Open Thunderbird and click "Tools" > "Options" > "Advanced" .
  2. Click the Certificates tab. Optional: When a server requests my personal certificate, select Always ask. This will alert you that a server has requested an identity confirmation and allows you to choose your personal Secorio authentication certificate.
  3. Click the "Show Certificates " button.
  4. Make sure that the "Your certificates" tab is selected in the Certificate management and click "Import" .

    User added image

  5. Navigate to the location of your PKCS12 certificate file and enter the required passwords. Once the certificate is complete, it will appear in the certificate store.
  6. Click "OK" .

That's it. You have successfully imported your Secorio Personal Authentication certificate into Mozilla Thunderbird.

Sign and encrypt emails

  • Signing an email ensures that the recipient knows that the email is from you and informs them that it has not been changed during delivery.
  • Encrypting an email ensures that only the recipient can read the content and attachments of the email.

Please note: To encrypt emails, you must first have your recipient's email certificate in your certificate store. In order to receive the certificate, you must contact your contact person to send you a signed email. After receiving the signed email, the certificate is automatically imported into your certificate store and you can sign / encrypt emails to this person.


Assign the certificate

  1. Open Thunderbird and click "Extras" > “ Account Settings" .
  2. In the Account Settings dialog box, select 'Security' .
  3. Click next to the text field in the "Digital Signature" area on "Select" and select your Secorio Personal Authentication certificate from the list.
  4. Follow the same procedure for the "Encryption" section and select the same certificate
  5. Click OK in the Account Settings interface to confirm your selection

Sign and encrypt individual emails:

How to sign a single mail:

  1. Compose your email and attach the files as usual.
  2. Click Security and select Digitally Sign This Message .
  3. Click Send.

How to encrypt a single mail:

  1. Compose your email and attach the files as usual.
  2. Make sure that you have the e-mail certificate of your contacts and that you have assigned the certificate to your entry in your contact area.
  3. Click Security and select Encrypt this message .
  4. Click Send.

By default, sign and encrypt all emails:

  1. Open Thunderbird and click "Extras" > „Kontoeinstellungen“ .
  2. In Account Settings , choose 'Security' .
  3. Select the appropriate options in the "Digital signature" and "Standard encryption settings" areas to sign and / or encrypt your e-mails by default.
  4. As a rule of thumb, many users sign digitally by default, but only encrypt it when they send a confidential message.
  5. Click "OK" .