Continue reading " />

Help Center / Email Encryption in Mozilla Thunderbird

Important: Before you can create or import your own certificate and private key, you must first set a master password if you have not already done so (this can be done under TOOLS > OPTIONS > SECURITY by clicking on the PASSWORDS tab and checking “Use a Master Password” and entering a password). The master password is needed so that imported certificates are stored securely.

Adding your S/MIME Certificate to Mozilla Thunderbird

Once you have obtained a Personal Mail Certificate and Private Key Pair in a .p12 or .pfx file you can import it into Thunderbird. Once you have set a Master Password, you can import/install your personal S/MIME certificate by doing the following steps.

  1. Open the Certificate Manager under TOOLS > OPTIONS > ADVANCED > CERTIFICATES and click on the [VIEW CERTIFICATES] button.
  2. Click on the tab named “Your Certificates
  3. Click on “Import“.
  4. Select the PCKS12 certificate file (.pfx or .p12 format) you have been issued.
  5. It will ask you for the master password for the software security device. Enter your master password and click the [OK] button.
  6. Next, it will ask you for the password protecting your personal certificate. If your .p12 or .pfx file has a password then enter it here, otherwise leave this field empty. Then click the [OK] button.

You have now successfully imported your S/MIME certificate and can use it for digital signing and decrypting email.

Configure Mozilla Thunderbird for Digital Signing & Decrypting Email

Once you have the certificate installed you will want to configure Thunderbird to use that certificate for signing and/or decrypting email. To do that, go to TOOLS > ACCOUNT SETTINGS in Thunderbird. Then find the account with the email address that matches the email address in the certificate you just installed. Choose SECURITY under that account and select the certificate you just installed. The rest of the options should be self explanatory.

Installing Certificates From Contacts

To send encrypted messages to other people you must have their Public-Key Encryption Certificate (.cer) in the OTHER PEOPLE tab of your Certificate Manager. Thunderbird automatically adds other people’s S/MIME certificates to that tab when you receive form them a digitally signed message with a valid signature and with an S/MIME certificate issued by a recognized and trusted Certificate Authority (CA). CA certificates that appear in Thunderbird’s AUTHORITIES tab are recognized and trusted. CA certificates that do not appear in that tab are considered “unrecognized”.

Additional Resources

For more information about Email Encryption please see

Posted in: Email

Comments are closed.