[horde] S/Mime not verified

Andreas Mauser andreas at mauser.info
Wed May 30 20:18:30 UTC 2012


Hi all,

----- Nachricht von Vilius ?umskas <vilius at lnk.lt> ---------
   Datum: Wed, 30 May 2012 22:52:23 +0300
     Von: Vilius ?umskas <vilius at lnk.lt>
Betreff: Re: [horde] S/Mime not verified
      An: horde at lists.horde.org


> Andreas Mauser <andreas at mauser.info> ra??:
>
>> Hi Mike, again.
>>
>> ----- Nachricht von Michael J Rubinsky <mrubinsk at horde.org> ---------
>>  Datum: Wed, 30 May 2012 11:28:05 -0400
>>    Von: Michael J Rubinsky <mrubinsk at horde.org>
>> Betreff: Re: [horde] S/Mime not verified
>>     An: horde at lists.horde.org
>>
>>
>>> Quoting Andreas Mauser <andreas at mauser.info>:
>>>
>>>> Hi Andreas,
>>>>
>>>> ----- Nachricht von lst_hoe02 at kwsoft.de ---------
>>>> Datum: Wed, 30 May 2012 17:03:52 +0200
>>>>  Von: lst_hoe02 at kwsoft.de
>>>> Betreff: Re: [horde] S/Mime not verified
>>>>   An: horde at lists.horde.org
>>>>
>>>>
>>>>> To "verify" the certifcate you need a matching trusted root-CA  
>>>>> and all sub-CAs involved to verify the whole chain. I guess you  
>>>>> either don't have the root-CA on your system of Horde is not  
>>>>> able to access the path with root-CAs.
>>>>
>>>> Thank you for the information.
>>>>
>>>> In my vHost I have:
>>>>
>>>> SSLEngine On
>>>> #SSLCertificateKeyFile /root/certscreate/psw2008.key
>>>> SSLCACertificateFile /etc/httpd/conf.d/certificates/cabundle.crt
>>>> SSLCertificateKeyFile /etc/httpd/conf.d/certificates/mauser.info.key
>>>> SSLCertificateFile /etc/httpd/conf.d//certificates/mauser.info.crt
>>>>
>>>>
>>>> Is this the right thing at the right place?
>>>> And if so, are there any rights I have to give this vHost or  
>>>> something else?
>>>
>>>
>>> No, this is for the webserver's ssl support.
>>>
>>> Make sure you have configured OpenSSL support in horde's config.  
>>> Specifically, the location of the root certificates bundle.
>>
>> If a directory is specified, then it must be a correctly formed  
>> hashed directory as the openssl command would use.
>>
>> Since /etc/ssl/certs is a directory, what does it mean 'it must be  
>> a correctly formed hashed directory' ?
>
> Just use full path of the CA bundle instead of directory.

Some Information at this point, regarding CentOS6.

This could be a way to fix:
http://eric.lubow.org/2011/security/fixing-centos-root-certificate-authority-issues/

But I found two ca-bundle.crt in my system:

#: locate ca-bundle.crt
/etc/pki/tls/certs/ca-bundle.crt
/usr/share/doc/mutt-1.5.20/ca-bundle.crt

Since the first just does not work I tried the one in  
/usr/share/doc/mutt-1.5.20 with success!

Hope that helps anyone!

Thank you for hitting my head on it! :)
Andreas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5014 bytes
Desc: S/MIME Signatur
URL: <http://lists.horde.org/archives/horde/attachments/20120530/e8245aff/attachment.bin>


More information about the horde mailing list