Wednesday, July 27, 2011

Create and install a self-signed S/MIME certificate for Thunderbird

  I use Microsoft's makecert.exe to create my certificate. You can get this tool from the Microsoft Windows SDK.

  If you have only one email address that needs to encrypt and sign, follow the steps below.
  I. Create a certificate authority with the exchange key type (-sky exchange). Sample:
makecert -r -pe -n "CN=zbtest" -a md5 -sky exchange -cy authority -sp "Microsoft Strong Cryptographic Provider" -b 01/01/2011 -e 01/01/2100 -len 1024 -sv zbtest.pvk zbtest.cer

  II. Create a pfx file for the certificate. Sample:
cert2spc zbtest.cer zbtest.spc
pvk2pfx -pvk zbtest.pvk -spc zbtest.spc -pfx zbtest.pfx

  III. Import the certificate authority into Thunderbird.
  1. In Thunderbird, go to "Tools -> Options... -> Advanced -> Certificates -> Manage Certificates...".

  2. Go to the "Authorities" tab.

  3. Click on "Import".

  4. Select the "zbtest.cer" file.

  5. It will ask you for which purposes you want to trust the certificate. Select "Trust this CA to identify email users."

  6. Click "OK" to complete the import.

  IV. Import the personal certificate into Thunderbird.
  1. In Thunderbird, go to "Tools -> Options... -> Advanced -> Certificates -> Manage Certificates...".

  2. Go to the "Your Certificates" tab.

  3. Click on "Import".

  4. Select the "zbtest.pfx" file.

  5. It will ask you for the master password for the software security device. Enter your master password and click "OK".

  6. Next, it will ask you for the password protecting your personal certificate. If your pfx file has a password, enter it here; otherwise leave this field empty. Then click "OK".

  If you have multiple email addresses that need to encrypt and sign, follow the steps below.
  I. Create a certificate authority. Sample:
makecert -r -pe -n "CN=zbtest_ca" -a md5 -sky signature -cy authority -sp "Microsoft Strong Cryptographic Provider" -b 01/01/2011 -e 01/01/2100 -len 1024 -sv zbtestca.pvk zbtestca.cer

  II. Import the certificate authority into Thunderbird.
  1. In Thunderbird, go to "Tools -> Options... -> Advanced -> Certificates -> Manage Certificates...".

  2. Go to the "Authorities" tab.

  3. Click on "Import".

  4. Select the "zbtestca.cer" file.

  5. It will ask you for which purposes you want to trust the certificate. Select "Trust this CA to identify email users."

  6. Click "OK" to complete the import.

  III. Create a personal certificate for the email address. Sample:
makecert -pe -n "CN=zbtest_mail_aaa;E=zbtest@aaa.com" -a md5 -sky exchange -ic zbtestca.cer -iv zbtestca.pvk -sp "Microsoft Strong Cryptographic Provider" -b 01/01/2011 -e 01/01/2100 -len 1024 -sv zbtestmail_aaa.pvk zbtestmail_aaa.cer

  IV. Create a pfx file for the personal certificate. Sample:
cert2spc zbtestmail_aaa.cer zbtestmail_aaa.spc
pvk2pfx -pvk zbtestmail_aaa.pvk -spc zbtestmail_aaa.spc -pfx zbtestmail_aaa.pfx

  V. Import the personal certificate into Thunderbird.
  1. In Thunderbird, go to "Tools -> Options... -> Advanced -> Certificates -> Manage Certificates...".

  2. Go to the "Your Certificates" tab.

  3. Click on "Import".

  4. Select the "zbtestmail_aaa.pfx" file.

  5. It will ask you for the master password for the software security device. Enter your master password and click "OK".

  6. Next, it will ask you for the password protecting your personal certificate. If your pfx file has a password, enter it here; otherwise leave this field empty. Then click "OK".

  VI. For each additional email address, repeat steps III to V.

  Note: The pvk2pfx command will pop up an export wizard if the -pfx option is not given.
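
  A PowerShell counterpart of the multiple-address procedure above (steps I, III, IV and VI), added here as an example and not part of the original post. It uses New-SelfSignedCertificate with SHA-256 and 2048-bit RSA in place of the samples' -a md5 and -len 1024, because MD5 signatures are open to collision attacks and 1024-bit RSA is below current key-length guidance. It assumes Windows 10 / Server 2016 or later; the output folder, the second address, the validity periods and the extension values are choices made for this example.

```powershell
# Added example: steps I, III, IV and VI of the multi-address procedure.
# Assumes Windows 10 / Server 2016 or later. Sample values are constructed.
$outDir    = Join-Path $env:TEMP 'smime-test'           # constructed output folder
$addresses = 'zbtest@aaa.com', 'zbtest2@example.com'    # second address is constructed
$store     = 'Cert:\CurrentUser\My'
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

# Step I: self-signed CA certificate (basic constraints CA, signing key usages only).
$ca = New-SelfSignedCertificate -Type Custom -Subject 'CN=zbtest_ca' `
    -KeyAlgorithm RSA -KeyLength 2048 -HashAlgorithm SHA256 `
    -KeyUsage CertSign, CRLSign -KeyExportPolicy Exportable `
    -TextExtension @('2.5.29.19={text}ca=1&pathlength=0') `
    -NotAfter (Get-Date).AddYears(10) -CertStoreLocation $store

# Public CA certificate (DER) for Thunderbird's "Authorities" tab.
Export-Certificate -Cert $ca -FilePath (Join-Path $outDir 'zbtestca.cer') | Out-Null

$pfxPassword = Read-Host -AsSecureString -Prompt 'Password protecting the PFX files'

$report = foreach ($addr in $addresses) {
    $name = 'zbtestmail_' + ($addr -replace '[^A-Za-z0-9]', '_')

    # Step III: personal certificate issued by the CA. The extensions are the
    # emailProtection EKU (1.3.6.1.5.5.7.3.4) and an rfc822Name SAN entry.
    $leaf = New-SelfSignedCertificate -Type Custom -Subject "CN=$name, E=$addr" `
        -Signer $ca -KeyAlgorithm RSA -KeyLength 2048 -HashAlgorithm SHA256 `
        -KeyUsage DigitalSignature, KeyEncipherment -KeyExportPolicy Exportable `
        -TextExtension @('2.5.29.37={text}1.3.6.1.5.5.7.3.4', "2.5.29.17={text}email=$addr") `
        -NotAfter (Get-Date).AddYears(2) -CertStoreLocation $store

    # Step IV: certificate plus private key as a password-protected PFX.
    $pfx = Join-Path $outDir "$name.pfx"
    Export-PfxCertificate -Cert $leaf -FilePath $pfx -Password $pfxPassword | Out-Null

    # Check what was issued: signature hash and public key size.
    $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($leaf)
    [pscustomobject]@{
        Address   = $addr
        Pfx       = $pfx
        Signature = $leaf.SignatureAlgorithm.FriendlyName
        KeyBits   = $rsa.KeySize
        Issuer    = $leaf.Issuer
    }
}
$report | Format-Table -AutoSize
```

  Import zbtestca.cer and each .pfx file into Thunderbird as described in steps II and V. The CA's private key stays in the CurrentUser\My store after the script finishes.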
