A contact is trying to establish encrypted and signed communication with me using S/MIME. She has a certificate from her organization, which was issued from a non-public CA. It is not a self-signed certificate. Unfortunately, I don't have that CA's certificate, so Thunderbird is reporting that her signatures are invalid.

How can I manually trust her email certificate without having the issuing CA in Thunderbird?