I am trying to sign/encrypt email using Thunderbird 102.9.0 on RHEL 8.7 with a USB IdenTrust ECA. I am able to use the same ECA on Windows with Outlook and the ActivClient middleware. In the "S/MIME Security Devices" window I have a security device "p11-kit-proxy" which shows my ECA as "ActivIdentity Activkey_Sim [CCID Bulk Interface] 00 00". I am able to "Log In" to the device. Under "Manage S/MIME Certificates" I am able to view the two certificates from the ECA. Both have my correct email address under "Subject Alt Names". One has "Key Usages" listed as Key Encipherment and E-mail Protection. The other lists Digital Signature, Non-Repudiation, Client Authentication, E-mail Protection, Smartcard Login. The problem occurs when I try to Select the S/MIME Personal certificate for digital signing or encryption. When I click either of those buttons I get the following error: "Certificate Manager can't locate a valid certificate that can be used to digitally sign your messages with an address of <my email address>." It seems like the ECA certs should be available to select since Thunderbird can log into the device and view them. I've run out of ideas on how to troubleshoot this.