6.4. Using the Certificates on Tokens for Mail Clients

  1. In Mozilla Thunderbird, open the Edit menu, choose Preferences, and then click Advanced.
  2. Open the Certificate tab.
  3. Add a PKCS #11 driver.
    1. Click Security Devices to open the Device Manager window.
    2. Click the Load button.
    3. Enter the module name, such as token keypk11 driver.
    4. Click Browse, find the Enterprise Security Client PKCS #11 driver, and click OK. The PKCS #11 module used by these applications, by default, is located in /usr/lib/libcoolkeypk11.so.
  4. If the CA is not yet trusted, download and import the CA certificate.
    1. Open the SSL End Entity page on the CA. For example:
      https://server.example.com:9444/ca/ee/ca/
    2. Click the Retrieval tab, and then click Import CA Certificate Chain.
    3. Click Download the CA certificate chain in binary form and then click Submit.
    4. Choose a suitable directory to save the certificate chain, and then click OK.
    5. In Mozilla Thunderbird, open the Edit menu, choose Preferences, and then click Advanced.
    6. Open the Certificate tab, and click the View Certificates button.
    7. Click the Authorities tab, and import the CA certificate.
  5. Set up the certificate trust relationships.
    1. In Mozilla Thunderbird, open the Edit menu, choose Preferences, and then click Advanced.
    2. Open the Certificate tab, and click the View Certificates button.
    3. In the Authorities tab, select the CA, and click the Edit button.
    4. Set the trust settings for identifying websites and mail users.
    5. In the Digital Signing section of the Security panel, click Select to choose a certificate to use for signing messages.
  6. In the Encryption of the Security panel, click Select to choose the certificate to encrypt and decrypt messages.