[horde] S/MIME

Jens Wahnes wahnes at uni-koeln.de
Sat Dec 12 18:06:53 UTC 2015


On Sat, Dec 12 2015, at 17:44:35 +0100, Ralph Ballier wrote:

> if I open a S/MIME signed mail, I get the message:
> "Message verified successfully but the signer's certificate could not be
> verified."

> Now I had read that I have to insert Root-CA in /etc/ssl/cert. I don't  
> understand this. If I look in the browsers certificat storage, there are 
> many many Root certificates.

But you do understand that the browser has got nothing to do with this? 
The verification of the certificate used in a specific mail message is
taking place on the server running Horde.

> Shall I insert all this certificates in etc/ssl/cert?

That depends a great deal on your operating environment and the kind of
CAs that you trust.  I guess most people will just use a common set of
CA certificates their Linux distribution provides, i.e. install their
distro's CA package and point Horde towards that directory.  If you
deem just a subset of these CAs trustworthy, you could of course just
install those certificates.  You'll have to take into consideration the
kind of people that your users are going to exchange signed/encrypted
messages with as well, of course.


Jens
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: Digital signature
URL: <http://lists.horde.org/archives/horde/attachments/20151212/cd374dff/attachment.bin>


More information about the horde mailing list