Child pages
  • Using S/MIME Client Certificates with Thunderbird
Skip to end of metadata
Go to start of metadata

If you want to set up digital signing and/or email encryption with Thunderbird you can follow the instructions in this page.  The process involves creating the certificate, adding it to Thunderbird, and then configuring Thunderbird to use the newly added certificate.

  1. Creating the S/MIME Certificate - You will first need to create the certificate which is described in the Get an S/MIME Certificate section of the IU KB document Using S/MIME client certificates at IU.  When completed, you should have a .p12 file.  This process is independent of the mail client you are using so you can follow the standard IU procedures in this KB document.

  2. Load the Certificate Into Thunderbird - Once you have the .p12 file from step 1, you can load that into Thunderbird.  Just go to Preferences>Advanced>Certificates>Manage Certificates>Import and import the .p12 file you generated.  When prompted, you will need to enter the certificate PIN passphrase you used when you created the certificate.

  3. Configure Thunderbird To Use IU GAL - When you send email, you can use the IU Global Address List (GAL) to find public encryption keys for IU users.  You can set this up by going to Preferences>Composition>Addressing>Check Directory Server>Edit Directories...>Add.  From there, enter the following:

    1. Name: IU ADS Global Address List
    2. Hostname:
    3. Base DN: dc=ads,dc=iu,dc=edu
    4. Port Number: 3269
    5. Bind DN: ads\username (where you replace username with your IU username)
    6. Be sure to check "Use secure connection (SSL)" button

  4. Configure Thunderbird Account Settings - Once you have the certificate loaded, you can then set the IU account up to use it.  Go to Account Settings>Security (for IU account).  Under Digital Signing click Select... and pick the certificate you loaded from step 2 above.  You can optionally click 'Digitally sign messages (by default)' if you want to sign messages by default which is recommended.    If not already done, also Select... the same certificate for email Encryption.

  5. Add Certificate To IU GAL - If you want other IU users to be able to send you encrypted email, you will want to add your certificate to the IU Global Address List (GAL).  Unfortunately, we know of no way to do this without using the standard Microsoft Outlook email client per the instructions at   If you don't have an easy way to run Microsoft Outlook to do this, you can always run Outlook using IUAnyWare.
  • No labels