Usually, when you import a certificate into Mozilla, each certificate will get assigned a unique "nickname". The cert stored in the internal database will remember the association from actual cert to nickname.
The configuration in mail remembers the cert nickname. If you are testing and doing trial and error, I guess you are playing with your own CA and generating your own certs. Make sure you don't confuse Mozilla by re-using the same certificate serial numbers. Mozilla's crypto library NSS uses the pair {issuer,serial number} to uniquely identify a cert. If you reuse serial numbers, you pretty much confuse Mozilla. If you ensure that, Mozilla should be clever enough to remember which exact certificate you have selected for email configuration and to automatically switch to a different one. Kai Larry Riffle wrote: > I'm involved in a project evaluating PKI for some local applications. > Thus I have several certificates and others are added and deleted > regularly. I'm new to this. Lots of trial and error going on here. > > I have to keep going back and re-selecting my email encryption > certificate. The one I want to use for everyday email keeps getting > replaced by some of my more bizarre test attempts. > > Most of the time the only way I can even get the certificate I want to > show up on the selection list is to delete all the others. Will I have > to use seperate keys for each to keep Mozilla from overriding? I'd > rather not do that. >