I tried to get Thunderbird working with a PKCS12 certificate from CAcert, but I could never select this certificate for my account.

I used the following steps:
 1. open Account Settings
 2. Security
 3. View Certificates
 4. Import
 5. select PKCS12 file
 6. enter master password for software security device
 7. enter wrong password for PKCS12 file
 8. acknowledge error message
 9. enter correct password
10. now I'm back to Certificate Listing, which is still empty!
11. repeat 4,5,6,9,10 without improvement
12. close Account Settings, open Preferences
13. repeat 3,4,5,6,9,10 without improvement

I decided to restart thunderbird, and now I get the following behaviour, which is reproducible:

 1. restart thunderbird
 2. Edit / Preferences
 3. Certificates
 4. Certificate is listed in "Your Certificates"
 5. Close Preferences, open Account Settings
 6. Choose Security
 7. View Certificates
 8. No certificate listed in "Your Certificates"
 9. Close Account Settings, open Preferences
10. View Certificates
11. No certificates listed in "Your Certificates"

I still cannot sign emails, cannot select the certificate for my account:

1. Open Account Settings
2. Select Signing Certificate
3. "Certificate Manager can't locate a valid certificate that can be used to digitally sign your messages"

I can reproduce this bug with thunderbird-bin.

Looks a lot like an upstream bug to me, but maybe there is some strange setup about directory permissions or whatever that is Gentoo-specific, however unlikely.

I know I already had certificates working once. I'm not sure it was on this system, but I'm sure it was using this PKCS12 file. And I checked that openssl can parse it, convert it, and the thing is still valid.