Banner of question marks

Using a Digital Certificate in Mozilla® Thunderbird to Digitally Sign and Encrypt Emails

If you have a digital certificate, you can use it to digitally sign and encrypt emails. IdenTrust digital certificates that can be used for this application include:

  • DoD ECA certificates
  • IdenTrust TrustID® certificates
  • IdenTrust Global Common (IGC) certificates

Mozilla Thunderbird has its own certificate storage mechanism that is independent of certificate storages in Microsoft® Windows® or other Mozilla products.

Please note that you will need to have backed up your certificate to a file beforehand. If you need assistance with that process, please see our instructions on How to Export a Certificate When Using Microsoft Windows OS.

To install your digital certificate into Mozilla Thunderbird to digitally sign or encrypt emails, follow these instructions:

  1. Within Thunderbird, click on “Menu” and then hover over the “Options” or “Preferences” section
     
  2. Click on the “Account Settings” section; then click the “Security” tab.
     
  3. Click the “View Certificates” button; then click the “Import” button.
     
  4. Locate the backup file for your certificate and click “Open
     
  5. You will be asked to enter the certificate backup password; then click “OK”. (The certificate backup password is the password you chose when exporting/backing-up the certificate.)
     
  6. Click “OK” to close the “Certificate Manager” screen. Click “OK” again to close the “Options” window.

 Configure Thunderbird with a Default Certificate

  1. Within Thunderbird, click on “Menu” and then hover over the “Options” or “Preferences” section.
     
  2. Under your “Email Account Heading” (you may need to expand it), click on “Security
     
  3. Next to the box for “Use this certificate to digitally sign messages you send”, click “Select”.
     
  4. Choose the correct digital certificate to use.

    Note that the email address in your email account should match the address in the certificate.
     
  5. Next to the box for “Use this certificate to encrypt & decrypt messages sent to you”, click “Select”.
     
  6. Choose the correct digital certificate to use (per the instruction in Item 4 above).
     
  7. Click “OK” to finish and save these settings. 

(Optional) Configure Thunderbird to Sign and/or Encrypt Every Message

If you would like Thunderbird to digitally sign and/or encrypt every email message sent, follow the steps below. Please note that this is not necessary to do; you may choose to sign and/or encrypt each message individually.

  1. Within Thunderbird, click on “Menu” and then hover over the “Options” or “Preferences” section.
     
  2. Under your “Email Account Heading” (you may need to expand it), click on “Security”.
     
  3. If you want to digitally sign all email messages, under “Digital Signing”, place a check in the box titled “Digitally sign messages (by default)”.
     
  4. If you want to digitally encrypt all email messages, under “Encryption” make sure the option “Required” has been selected.

    Note: To encrypt an email, you must have a copy of the recipient’s digital certificate (but not private key).
     
  5. Click “OK” to finish and save these settings.

 Choose to Sign and/or Encrypt Individual Emails

  1. Within Thunderbird, click on “Menu” and then hover over the “Options” or “Preferences” section.
     
  2. . If you want to digitally sign this message, select “Digitally Sign This Message”.
     
  3. . If you want to encrypt this message, select “Encrypt This Message”.

    Note: To encrypt an email, you must have a copy of the recipient’s digital certificate (but not private key).