[horde] S/MIME

Simon B simon.buongiorno at gmail.com
Sat Dec 12 20:48:26 UTC 2015


On 12 Dec 2015 9:34 pm, "Ralph Ballier" <ballier at mail.schule.de> wrote:
>
>  Zitat von Jens Wahnes <wahnes at uni-koeln.de>:
>
>
>> On Sat, Dec 12 2015, at 17:44:35 +0100, Ralph Ballier wrote:
>>
>>> if I open a S/MIME signed mail, I get the message:
>>> "Message verified successfully but the signer's certificate could not be
>>> verified."
>>
>>
>>> Now I had read that I have to insert Root-CA in /etc/ssl/cert. I don't
>>> understand this. If I look in the browsers certificat storage, there are
>>> many many Root certificates.
>>
>>
>> But you do understand that the browser has got nothing to do with this?
>> The verification of the certificate used in a specific mail message is
>> taking place on the server running Horde.
>>
>>> Shall I insert all this certificates in etc/ssl/cert?
>>
>>
>> That depends a great deal on your operating environment and the kind of
>> CAs that you trust.  I guess most people will just use a common set of
>> CA certificates their Linux distribution provides, i.e. install their
>> distro's CA package and point Horde towards that directory.  If you
>> deem just a subset of these CAs trustworthy, you could of course just
>> install those certificates.  You'll have to take into consideration the
>> kind of people that your users are going to exchange signed/encrypted
>> messages with as well, of course.
>>
>> Jens
>
>
> From an other Linux server I have take about 170 CA certificates and
> installed at my server. Now it works. But I mean: who has the survey to
> say: this are all trusted CA certificates????

The sys-admin.  You.   No one said it was an easy job.

Simon


More information about the horde mailing list