[horde] S/MIME
Ralph Ballier
ballier at mail.schule.de
Sat Dec 12 20:34:23 UTC 2015
Zitat von Jens Wahnes <wahnes at uni-koeln.de>:
> On Sat, Dec 12 2015, at 17:44:35 +0100, Ralph Ballier wrote:
>
>> if I open a S/MIME signed mail, I get the message:
>> "Message verified successfully but the signer's certificate could not be
>> verified."
>
>> Now I had read that I have to insert Root-CA in /etc/ssl/cert. I don't
>> understand this. If I look in the browsers certificat storage, there are
>> many many Root certificates.
>
> But you do understand that the browser has got nothing to do with this?
> The verification of the certificate used in a specific mail message is
> taking place on the server running Horde.
>
>> Shall I insert all this certificates in etc/ssl/cert?
>
> That depends a great deal on your operating environment and the kind of
> CAs that you trust. I guess most people will just use a common set of
> CA certificates their Linux distribution provides, i.e. install their
> distro's CA package and point Horde towards that directory. If you
> deem just a subset of these CAs trustworthy, you could of course just
> install those certificates. You'll have to take into consideration the
> kind of people that your users are going to exchange signed/encrypted
> messages with as well, of course.
>
> Jens
From an other Linux server I have take about 170 CA certificates and
installed at my server. Now it works. But I mean: who has the survey to
say: this are all trusted CA certificates????
Ralph
More information about the horde
mailing list