From MozillaZine Knowledge Base
In order for the certificate authority (CA) to be trusted or your personal certificate, the CA that signed your certificate must have its certificate installed under Authorities in your certificate store. Thunderbird comes with some built in certificate authorities, but the list is hardly complete. It seems that there is a slant towards the major CAs whose first language is English and issue certificates to people in the U.S.
If your CA is not one of the built in certificate authorities and you are under Windows and have Internet Explorer (IE), you could import the certificate in this way:
- Open IE and go to "Tools -> Internet Options -> Content -> Certificates -> Trusted Root Certificate Authorities".
- Highlight the certificate(s) that you would like to export.
- Click on "Export" and complete the export wizard. (DER encoded binary ".cer" files work as a file format.)
- While completing the wizard, remember where you saved the certificate.
- Now, open Thunderbird and go to "Tools -> Options -> Advanced -> Certificates -> Manage Certificates... -> Authorities". (In Mozilla Suite, go to "Edit -> Preferences -> Privacy & Security -> Certificates -> Manage Certificates... -> Authorities".)
- Select "Import", select the file you saved above, and click "Open".
- Read the warning and select for what purpose you trust the certificate.
- Click "OK" if you trust it. It should now be installed.
- Optionally, you may want to delete the ".cer" file. If that is not possible, because the CA isn't there, you will need to contact your CA and see if they can give you their authorities public certificate.
Note: After performing this CA import, you may need to reimport any personal certificate not previously trusted.