Using your digital signature in Mozilla Thunderbird for Windows

от Infonotary
Направо към: навигация, търсене

Before you proceed you must do

  • IMPORTANT WHEN USING THE PRODICTS OF MOZILLA!!!: When you use Mozilla prodsucts you must know, that it uses direct access to smart cards. When we install succesfully certificates in Mozilla Firefox or Thunderbird , WE MUST NOT delete them from there, because that way we will delete them from the smart card along the public and private keys!

The prefered way Firefox and Thunderbird is through InfoNotary Configurator for Mozilla. After the extension is installed everything will be configured If you prefer to do it manually follow the steps:

Install Infonotary certificate chain

Before you can start using the certificate, you must install the Infonotary certificate chain.

Certificate chain for certificates, issued before 08.01.2018 - INotaryCertChain.p12.

Certificate chain for certificates, issued after 08.01.2018 - InfoNotary_Qualified_eIDAS.p12


Start Mozilla Thunderbird. From Tools Choose Options.

ToolsOption.jpg

Choose Privacy, tab Security, as it shown and click View Certificates.

Advanced.jpg

From here the process is analogical for all Mozilla applications.

Click the Import button and specify the path to certification chain - INotaryCertChain.p12 or InfoNotary_Qualified_eIDAS.p12

Import.jpg

Leave the field blank and click OK.

Encryptespassword.jpg

Upon successful installation of the certification chain message appears:

Successfull.jpg

Newly installed certificates can be found in section "Authorities":

Edittrust.jpg

In Mozilla for every certificate of a Certification Authority (CA) the user must choose a level of trust. This is done by selecting the certificate and clicking on Edit Trust. The easiest way to do this setting for the certificate "InfoNotary CSP Root" and/or "InfoNotary TSP Root" select all three possible options. This will make all the InfoNotary trusted certificates for all operations.

TrustSettings.jpg


Install software security module

Start Thunderbird. From Tools, choose Options.

ToolsOption.jpg

Choose tab Advanced, then Certificates, as it shown and click Security Devices.

Advanced.jpg

From here the procedure is analogical for all Mozilla applications.

To add a new device, select the Load

SecurityDevices.jpg

Change the name of the module (Module Name), as desired.

ModuleName.jpg


Select PKCS # 11 library corresponding to your smart card.

  • Siemens - C:\WINDOWS\system32\siecap11.dll
  • Charismathics - C:\WINDOWS\system32\cmP11.dll
  • Bit4id - C:\WINDOWS\system32\bit4ipki.dll

In case you use 64 bits version of Firefox or Thunderbird and Charismathics smart card, path to library is C:\WINDOWS\system32\cmP1164.dll.


After you click OK, your smart card will appear in the list of available devices.

Successfullyinstalled.jpg


Configuring use profile in Thunderbird

In order for you to sign your outgoing mails, you have to associate your account with your digital signature on your smart card. To do this follow the steps below:

If you are using Windows, choose Tools > Account Settings > Security, and for Linux and other UNIX systems choose Edit > Account Settings > Security, as it is shown

Install Windows - Mozilla Thunderbird Account Settings.png

Choose the button Select from the field Digital Signing.

You will get a window for choosing a certificate:

Install Windows - Mozilla Thunderbird Account Settings - 02.png

Choose the appropriate certificate from the smart card and confirm by clicking OK.

If the setting Digitally sign messages (by default) is checked every message send by you will be signed with choosed certificate.

Thunderbird will offer you to choose the same certificate for decrypting messages send to you. If you dont want to be the same certificate you can choose one from the button Select in the field Encryption. Please note that not every certificate can be used for encrypting or decrypting. These options depends of the type of your certificate.