Using your digital signature in Mozilla Thunderbird for Windows

от Infonotary
Направо към: навигация, търсене

Before you proceed you must do

  • IMPORTANT WHEN USING THE PRODICTS OF MOZILLA!!!: When you use Mozilla prodsucts you must know, that it uses direct access to smart cards. When we install succesfully certificates in Mozilla Firefox or Thunderbird , WE MUST NOT delete them from there, because that way we will delete them from the smart card along the public and private keys!

The prefered way Firefox and Thunderbird is through InfoNotary Configurator for Mozilla. After the extension is installed everything will be configured If you prefer to do it manually follow the steps:

Install Infonotary certificate chain

You can find Infonotary root certificates in the Installation CD in folder “certificates” or on the web site INotaryCertChain.p12.

Start Mozilla Thunderbird. From Tools Choose Options.


Choose Privacy, tab Security, as it shown and click View Certificates.


From here the process is analogical for all Mozilla applications.

Click the Import button and specify the path to the setup file of the certification chain - INotaryCertChain.p12


Leave the field blank and click OK.


Upon successful installation of the certification chain message appears:


Newly installed certificates can be found in section "Authorities":


In Mozilla for every certificate of a Certification Authority (CA) the user must choose a level of trust. This is done by selecting the certificate and clicking on Edit Trust. The easiest way to do this setting for the certificate " 'InfoNotary CSP Root'" select three possible options. This will make all the InfoNotary trusted certificates for all operations. If you want, you can specify only the required level of confidence. In this case, you must do the following:


  • for certificate „i-Notary TrustPath Validated E-mail CA” check „This certificate can identify mail users”.
  • for certificate „i-Notary Personal Q Sign CA” check „This certificate can identify mail users”.
  • for certificate „i-Notary Company Q Sign CA” check „This certificate can identify mail users”.
  • for certificate „i-Notary TrustPath Validated Domain CA” check „This certificate can identify web sites”.
  • for certificate „i-Notary TrustPath CodeSign CA” check „This certificate can identify software makers”.

Settings for the first three certificates will allow you to check the signature on a letter signed by a certificate of InfoNotary. Settings Personal Q Sign CA and Company Q Sign CA certificates will also allow you to log into websites with your certificate. Setting the fourth statement "i-Notary TrustPath Validated Domain CA" is to allow your browser to know the certificates of the servers that use certificates InfoNotary. Last certificate is to validate correct signatures on software InfoNotary.

Install software security module

Start Thunderbird from the menu Tools choose Options.


Choose tab Advanced, then Certificates, as it shown and click Security Devices.


From here the procedure is analogical for all Mozilla applications.

To add a new device, select the Load


Change the name of the module (Module Name), as desired.


Select PKCS # 11 library corresponding to your smart card.

Siemens for this file is C:\WINDOWS\system32\siecap11.dll, for Charismathics is C:\WINDOWS\system32\cmP11.dll, and for Bit4id is C:\WINDOWS\system32\bit4ipki.dll. In case you use unoficial 64 bits version of Firefox or Thunderbird for Windows and Charismathics smart card PKCS#11 library is C:\WINDOWS\system32\cmP1164.dll.

If you have selected the correct module will come confirmation dialog similar to the following:

Install Windows - Mozilla Firefox Options - 10.png

Choose OK to the confirmation of the operation of addition of the module.

Install Windows - Mozilla Firefox Options - 11.png

After you click OK, your smart card will appear in the list of available devices.


Configuring use profile in Thunderbird

In order for you to sign your outgoing mails, you have to associate your account with your digital signature on your smart card. To do this follow the steps below:

If you are using Windows, choose Tools > Account Settings > Security, and for Linux and other UNIX systems choose Edit > Account Settings > Security, as it is shown:

Install Windows - Mozilla Thunderbird Account Settings.png

Choose the button Select... from the field Digital Signing.

You will get a window for choosing a certificate:

Install Windows - Mozilla Thunderbird Account Settings - 02.png

Choose the appropriate certificate from the smart card and confirm by clicking OK.

If the setting Digitally sign messages (by default) is checked every message send by you will be signed with choosed certificate.

Thunderbird will offer you to choose the same certificate for decrypting messages send to you. If you dont want to be the same certificate you can choose one from the button Select in the field Encryption. Please note that not every certificate can be used for encrypting or decrypting. These options depends of the type of your certificate.