In Thunderbird how can I use an S/MIME client certificate if it doesn't match my primary account name?

In Thunderbird how can I use an S/MIME client certificate if it doesn't
match my primary account name?

In my Thunderbird settings I have a number of email addresses @domain.tld.
My email provider, however, is @domain2.tld and in order to send emails
from the @domain.tld I connect to my own SMTP server.
Now recently I received an S/MIME client certificate and would like to
make use of it for at least communication with the issuer and whenever the
email address is used to talk with users of the software (the email alias
is a role alias for code signing).
It's no problem to import the client certificate into Thunderbird's
certificate store. It is also possible to configure this under "Account
Settings". See the screenshot:

Now if I configure the client certificate for signing@domain.tld to be
used here, this is bound to the incoming server and all its settings.
However, since the email alias (or "identity") for which the certificate
is valid only exists on the outgoing SMTP server, I don't see how this is
going to help.
Also, when trying to send an S/MIME-signed message via the email alias, I
get the following message box:

I keep getting that message box despite the fact that I configure the
primary account's "Security" with this certificate. So my guess is that
this should be a separate setting somewhere.
Question: how can an email identity for which no incoming server
configuration exists be assigned an S/MIME certificate to use for signing
and encryption?