Entering a user certificate in the mail program Thunderbird

In order for mails to be signed, you need a valid certificate. Here we assume that the certificate is in the form of a PKCS12 file. In the Thunderbird mail program, proceed as follows.

Setting the primary password

Due to the fact that certificates are used here, it is of immense importance to set a primary password. The password is requested when Thunderbird is started.

In principle, you should have this even if you don't have a certificate, to make unauthorized access to Thunderbird more difficult.

First of all, you should open the Thunderbird application menu (No. 1) and select Preferences (No. 2).


After that a new window appears. On the left side of the page, the item "Privacy & Security" (No. 3) must be selected. The sub-item "Passwords" (No. 4) should now be visible in the lower center of the screen. If you haven't set one yet, the checkbox "Use a Primary password" should not be set. Activate this point and click on "Change Primary Password...". (No 5).


Now a pop-up window should have opened asking you to enter a password and confirm it. Confirm your entries with "OK". After restarting Thunderbird you will be asked for the newly set password.


Adding new certificates


After opening Thunderbird, you should open the Thunderbird application menu (No. 1) and select the Preferences item (No. 2).


After this is done, a new window should open. There you have several choices on the left side of the page. For the next steps you have to go to the tab "Privacy & Security" (No. 3). Once in "Privacy & Security", you have to scroll down to the bottom of the page. There you will find the section "Certificates" (No. 4) and the option "Manage certificates..." (No. 5).


The pop-up window that opens now shows the "Certificate Manager". In the upper left corner is the category "Your Certificates" (No. 6). According to the standard, a blank table should be displayed. But this is now changed by clicking on "Import..." (No. 7). After selecting and inserting the PKCS12 file under the "Import..." option, this should now be visible in the table as follows:


Where under the item "Certificate Name" should be your name and under "Serial Number" your serial number. The certificates are usually valid for one year.

If you select a certificate and double-click on it or click on "View...", a new window will openĀ  and you will learn details about the certificate.


Setting up the account settings


To be able to use the registered certificate for your mails, you have to navigate to the "Account Settings" of your Uni-Mail account (No. 1).


After that you have to go to the category "End-To-End Encryption" (No. 2) and to the subitem "S/MIME" (No. 3). Once there, you have to select the Personal Certificate for the digital signature and for the encryption (No. 4).


This completes the setup.

If you now want to send a mail, you have to check "Require Encryption" and "Digitally Sign This Message" (No. 5).


However, remember not to use this option all the time, as not every employee has such a certificate yet and thus cannot access your message.