1 |
On Sunday 20 May 2007 13:53, Jure Varlec wrote: |
2 |
> On Sunday 20 of May 2007 13:24:09 Mick wrote: |
3 |
> > Hi All, |
4 |
> > |
5 |
> > I am trying to get to grips with OpenSSL Certs in Kmail. I have created |
6 |
> > a CA and then created and signed with it a certificate for my email |
7 |
> > account (crt). Finally, I exported it as a pkcs12 bundle and tried to |
8 |
> > import it as smime into Konqueror & Kmail. All went seemingly well, |
9 |
> > except for: |
10 |
> > |
11 |
> > 1. When I tried to specify which cert to use in |
12 |
> > Kmail/Indentity/Cryptography I can see my imported Cert, but as I select |
13 |
> > it a red X comes up on the key symbol. I assume then that it is not |
14 |
> > suitable for smime |
15 |
> > signatures/encryption? |
16 |
> > 2. When I run gpgsm -K I get: |
17 |
> > =========================================== |
18 |
> > [snip] |
19 |
> > validity: 2007-05-19 18:12:12 through 2010-05-18 18:12:12 |
20 |
> > key type: 4096 bit RSA |
21 |
> > key usage: [error: No value] |
22 |
> > chain length: [error: No value] |
23 |
> > =========================================== |
24 |
> > |
25 |
> > which is different to another certificate I have obtained from |
26 |
> > www.cacert.org: =========================================== |
27 |
> > validity: 2007-04-23 13:49:42 through 2007-10-20 13:49:42 |
28 |
> > key type: 2048 bit RSA |
29 |
> > ext key usage: emailProtection (suggested), clientAuth (suggested), |
30 |
> > 1.3.6.1.4.1.311.10.3.4 (suggested), serverGatedCrypto.ms (suggested), |
31 |
> > serverGatedCrypto.ns (suggested) |
32 |
> > =========================================== |
33 |
> > |
34 |
> > Any ideas what I need to do to make this certificate valid for use by |
35 |
> > Kmail? |
36 |
> > |
37 |
> > PS. I am not sure if the above errors mean that there is anything wrong |
38 |
> > with my certificate, as opposed to Kmail & Kleopatra. Any certificate |
39 |
> > signed messages that I receive are not verified in Kmail - all I get is: |
40 |
> > ==================================================== |
41 |
> > Not enough information to check signature. [Details] |
42 |
> > |
43 |
> > Status: No status information available. |
44 |
> > ==================================================== |
45 |
> > |
46 |
> > If I press on [Details] Kleopatra pops up showing my cert. Selecting |
47 |
> > Verify just shows "done". |
48 |
> > |
49 |
> > Have you managed to make smime work with Kmail at all? |
50 |
> |
51 |
> Hello |
52 |
> |
53 |
> Heh, I dealt with a similar problem about a week ago. I'm not sure I'll |
54 |
> ever understand all these certificate issues that seem to crop up on just |
55 |
> about all platforms I ever used. |
56 |
> |
57 |
> As, for the solution, it seem Kleopatra wants app-crypt/dirmngr, emerging |
58 |
> it solved my problem. I'm not sure why relevant KDE apps don't depend on |
59 |
> it. |
60 |
|
61 |
Thanks Jure, I'm afraid it didn't help in my case. :( |
62 |
|
63 |
When I try to sign a message with my cacert.org certificate it fails |
64 |
with: "Signing failed: General error". Adding my selfsigned certificate also |
65 |
fails (but his may have something to do with the way I generated the |
66 |
certificate, rather than Kmail). This is sooo complicated compared to GnuPG. |
67 |
|
68 |
Anything else I could try? |
69 |
-- |
70 |
Regards, |
71 |
Mick |