S/MIME installation in Mozilla Thunderbird


Installing an S/MIME certificate in Thunderbird offers you a secure and trustworthy method for encrypting and signing your e-mails. By using this certificate, you not only increase the security of your communication, but also actively protect your personal and business information from unauthorized access.


  • S/MIME certificate (can be purchased via our customer center)
  • Mozilla Thunderbird

Export of the S/MIME certificate as PFX file

For the installation in Thunderbird we need the S/MIME certificate as a .pfx file. The certificate can be exported directly via our customer center as a .pfx file.

To do this, navigate to the certificate management and select the desired S/MIME certificate (e-mail certificate). You can export the certificate as a PFX certificate under Settings.

Then select a password for the .pfx file, this will be requested by your e-mail client later when importing.

If you have forgotten your password, you can export the certificate again in the customer center and set a new password for the .pfx file.

Installation of the S/MIME certificate

After the certificate has been exported as a .pfx file, the S/MIME certificate can be stored in Thunderbird.

To do this, open Thunderbird and navigate to the account settings of your email inbox for which you want to store the S/MIME certificate. Here you can select end-to-end encryption in the settings of your email inbox and find the S/MIME section.

You can use the Manage S/MIME certificates button to call up Thunderbird's certificate management and import the previously downloaded certificate.

When importing, the password that was assigned when exporting must be entered. The S/MIME certificate will then appear in Thunderbird's certificate management.

You can exit the certificate management by clicking on the OK button.

The certificate is automatically assigned to the respective mailbox if the e-mail address of the certificate matches that of the e-mail mailbox. If this is not the case, the previously imported certificate can be selected using the Select... button.

S/MIME settings

Further settings can then be made afterwards via the S/MIME settings.

Setting Description
Encryption of new messages By default, new messages are not automatically encrypted as the recipient must be in possession of the certificate in order to decrypt the message.
Digitally sign unencrypted messages To ensure that new messages are automatically signed, it is necessary to activate this setting