An Unofficial Quick Guide to Installing a VeriSign Digital ID (S/MIME Certificate) for Lawyers

Installing an email encryption S/MIME (SMIME) certificate on Mozilla Thunderbird and Mozilla Firefox is simple. However, the instructions provided by Verisign (as of August 2011) do not appear to address newer versions of Mozilla products (circa 5.0+) and can be frustrating for a novice user. Note, this Unofficial Quick Guide tries to help lawyers only with the S/MIME install process and is provided AS IS (i.e., this worked for me). The Unofficial Quick Guide is not reviewed by or provided by Verisign and has no connection with them.

Before You Begin …

This Unofficial Quick Guide was prepared in July and August 2011. The Unofficial Quick Guide assumes that you are using the Firefox Web Browser (v.5.0 or 6.0) and Thunderbird Email Client (v.5.0 or 6.0).

Installation Overview—Or What You Need to Do to Install the New Email Certificate

Once you purchase the Digital ID (Verisign’s name for a S/MIME certificate or email encryption certificate), three steps are necessary to complete the installation process:

  1. download the new digital certificate,
  2. export the certificate from the web browser (Firefox), and
  3. install the exported certificate in the email client program (Thunderbird).

SB Tip: While implied, but to make clear here to avoid misunderstanding, the pick-up of the digital certificate occurs in the WEB BROWSER. The USE of the digital certificate occurs in the EMAIL CLIENT. This explains the three-step installation process—pick-up, export, and install.

Step 1: Pick-up [Downloading] the SMIME Certificate

At the time of this writing, Verisign sends an email notifying the purchaser that the new email certificate is ready for pickup. Simply follow Verisgn’s instructions EXACTLY as specified in the email to pickup the new certificate. Remember, the certificate pick-up process occurs in the WEB BROWSER (Firefox).

Step 2: Exporting the SMIME Certificate from Firefox 6.0 (or 5.0)

Because the pick-up occurs in the WEB BROWSER (Firefox), you must first export the new digital ID from the web browser. The steps for exporting are:

  • Click the Firefox Button … (upper left corner of Firefox)
  • Select Options … Options (options twice)
  • Select Advanced …
  • Click the Encryption TAB … (opening Certificate Manager)
  • Click the View Certificates button …
  • Click the Your Certificates Tab …
  • Click the Backup button (do not use Backup All at this point)
  • Use the default PKCS12 key file format
  • Assign a password and
  • Save the new key to secure location.

Make careful note of the location (final step above) where you save the backup. The file name used to backup the SMIME certificate is referred to as KEY in the next step. You will need this location during the import process below.

Step 3: Importing the SMIME Certificate Into Thunderbird 6.0 (or 5.0)

Now, you must import the backup file of the new digital certificate into the email client (Thunderbird). In Thunderbird, select:

  • Tools …
  • Account Settings …
  • Select the email address/account associated with the S/MIME certificate (remember, the new certificate will ONLY work with the email address embedded in the certificate)
  • Select the Security parameters item
    • NOTE: The Digitally Sign and Encrypt options may be blank if no prior certificates are installed.
  • Select View Certificates …
  • Import …
  • Navigate to the location of KEY (the exported file name from Step 2 above)
  • Select IMPORT
  • Type your password to open the key file (remember, this is the PASSWORD used in the export section, Step 2, above)
  • Click OK
  • NOW … you must select the newly imported key from the drop-down list for both digitally signing and encrypting.
    • Choose SELECT for each option in the Security window.
    • You can also check the box to always automatically sign messages.


This should complete the installation process. The SMIME certificate should now be ready to use. If you opted for signing all messages, then the SMIME certificate should attach to each message SENT FROM THE EMAIL ASSOCIATED WITH THE CERTIFICATE. You can also manually sign a message by starting a new email message (select WRITE), clicking the SMIME tab, and then check the Digitally Sign This Message option.

Parting Notes

If you are a lawyer, feel free to send me a signed message using my contact information.
If you find any errors or think updates are needed to this Unofficial Guide, please contact me using my contact information.

Please Cite As

Shannon Brown, Blog, An Unofficial Quick Guide to Installing a VeriSign Digital ID (S/MIME Certificate) for Lawyers (Aug, 22, 2011)

Publication Information

Original Publication: 2011-08-22