Purpose: Secure Email (S/MIME) certificate installation guide
For Secure Email (S/MIME) certificate on Mozilla Thunderbird on Mac OS X
The installation is in three parts:
1) Importing S/MIME certificate to Keychain Access
2) Linking S/MIME certificate to your Mozilla Thunderbird profile
3) Storing a contact's Secure Email certificate (S/MIME exchange) 1. Click on the link in your certificate pickup email. Note the below image shows a pick-up email for a personal S/MIME, however this process is the same regardless if you've obtained a personal S/MIME from our retail site, or if you've obtained an Enterprise S/MIME issued to you from an ECS Enterprise account.
2. A browser window will open. Enter the password you used when you placed order or created certificate using ECS Enterprise account.
3. Import the .p12 file by saving it. Open the file. You will be asked to provide a password to open the file. Provide the same password provided in step 2.
4. The Keychain Access app should open automatically after providing the password. If not, you can find it in your apps by searching for "keychain".
5. In Keychain Access, on the left-hand menu under Category go to Certificates. There, you will see the imported certificate with the identity related to the email address for which it was made. Click on the certificate. Note there is an error "This certificate was signed by an unknown authority". You will need to download the Entrust CA intermediate certificate.
6. You can do so by selecting command+clicking on the certificate, and then selecting Get Info.
7. Now, under details, scroll down to Method #2 and select the URL. This will download the Entrust intermediate CA certificate.
8. Open the downloaded .cer file.
9. You will be asked if you want to add the certificate to a login keychain. Confirm you do by selecting Add.
10. The Entrust intermediate CA certificate and 2048 Root certificate will now appear in Keychain Access > Certificates.
11. As a result of importing the Entrust intermediate CA certificate and Root 2048 certificate and chaining them to your S/MIME certificate, your S/MIME certificate should now be valid.
The secure email certificate has been successfully imported to Keychain Access.
Part 2 of 3: Linking S/MIME certificate to Mozilla Thunderbird profile
1. If you had Mozilla Thunderbird open while you were importing the certificate, close and reopen it.
2. In Mozilla Thunderbird, go to your Email account on the left-hand menu and select View settings for this account.
3. Go to Security.
4. Here you will select your Digital Signing and Encryption certificate. However, in order to do so you need to import them to your Mozilla Thunderbird email profile. Go to View Certificates under the Certificates heading to open the Certificates Manager.
5. Go to the Your Certificates tab and select the Import... button.
6. Although you have chained your certificate to your OS in Part 1, you will need to import the .p12 file into Mozilla Thunderbird. After selecting the Import... button, find the .p12 file you saved in Part 1.
7. You will be asked to provide the password you set when your purchased or created the certificate. Enter that password here.
8. Your S/MIME certificate now appears in your list of certificates. Select OK to leave the Certificate Manager.
9. Now, back in the Security section of your Account settings, Select your Digital Signing and Encryption certificate. Upon hitting the Select button, you will be prompted to confirm you are choosing the correct certificate. Select OK to proceed.
*Thunderbird will prompt you with the below prompt. Select Yes to proceed.
10. Both your Digital Signing and Encryption certificate will be selected in your Security settings. Under Digital Signing select Digitally sign messages (by default). Under Encryption leave the default encryption setting to Never.
You have successfully linked your S/MIME certificate to your Mozilla Thunderbird profile.
Part 3 of 3: Storing a contact's Secure Email certificate (S/MIME exchange)
You can now send digitally signed and encrypted emails. Note, however, that to send encrypted email to someone else, you must have exchanged public keys with them.
To complete the S/MIME exchange:
1. Create a new message. You will notice a Security tab has appeared on the top header.
2. Compose a message to the user with whom you wish to exchanged public keys. Your message will automatically be digitally signed. Hit Send and confirm any security prompts that appear.
3. Once you receive a digitally signed email in return from the user with whom you are wishing to exchange encrypted email, open their email. On the far right side of the email heading, there is an icon (an envelope with a red seal) indicating the email has been digitally signed.
4. As a result of receiving digitally signed email from that user, you will have also received their public key. To ensure this is the case go to your email account on the left-hand menu, then View settings for this account. Then under Security: View Certificates, under the People tab you will be able to see their certificate listed.
You can now exchanged encrypted email with that user.
If you have any questions or concerns please contact the Entrust Certificate Services Support department for further assistance:
Hours of Operation:
Sunday 8:00 PM ET to Friday 8:00 PM ET
North America (toll free): 1-866-267-9297
Outside North America: 1-613-270-2680 (or see the list below)
NOTE: It is very important that international callers dial the UITF format exactly as indicated. Do not dial an extra "1" before the "800" or your call will not be accepted as an UITF toll free call.
|Australia||0011 - 800-3687-7863|
|Austria||00 - 800-3687-7863|
|Belgium||00 - 800-3687-7863|
|Denmark||00 - 800-3687-7863|
|Finland||990 - 800-3687-7863 (Telecom Finland)|
00 - 800-3687-7863 (Finnet)
|France||00 - 800-3687-7863|
|Germany||00 - 800-3687-7863|
|Hong Kong||001 - 800-3687-7863 (Voice)|
002 - 800-3687-7863 (Fax)
|Ireland||00 - 800-3687-7863|
|Israel||014 - 800-3687-7863|
|Italy||00 - 800-3687-7863|
|Japan||001 - 800-3687-7863 (KDD)|
004 - 800-3687-7863 (ITJ)
0061 - 800-3687-7863 (IDC)
|Korea||001 - 800-3687-7863 (Korea Telecom)|
002 - 800-3687-7863 (Dacom)
|Malaysia||00 - 800-3687-7863|
|Netherlands||00 - 800-3687-7863|
|New Zealand||00 - 800-3687-7863|
|Norway||00 - 800-3687-7863|
|Singapore||001 - 800-3687-7863|
|Spain||00 - 800-3687-7863|
|Sweden||00 - 800-3687-7863 (Telia)|
00 - 800-3687-7863 (Tele2)
|Switzerland||00 - 800-3687-7863|
|Taiwan||00 - 800-3687-7863|
|United Kingdom||00 - 800-3687-7863|
0800 121 6078
+44 (0) 118 953 3088