<<< Date Index >>>     <<< Thread Index >>>

Re: any documentation for S/MIME setup for mutt? (Re: OT: Checking S/MIME signatures)



On Tue, Nov 25, 2003 at 01:05:24PM +0100, Robert Joop wrote:
> > PS: I am going to sign this posting. You probably don't have our root
> >     CA's public key installed whence the verification will fail. But
> >     at least you should see an error message like "unable to get local
> >     issuer certificate".
> 
> no, actually i get
> 
> Verification failure
> 16485:error:21075075:PKCS7 routines:PKCS7_verify:certificate verify 
> error:pk7_smime.c:222:Verify error:self signed certificate in certificate 
> chain
> 

I forgot that in my .muttrc smime_sign_command is set such that the
whole certificate chain is attached, not only my own
certificate. That explains the different error message.

Sorry if I caused any confusion.

> i get this with other S/MIME mails, too.

If you verify a S/MIME signature and you don't have the corresponding
CA certificate then you get an error message like I wrote or like you
reported. You need to add the CA certificate to your trusted
certificate store with "smime_keys add_root". (Of course only after
you convinced yourself through an offline channel of the certificate's
integrity and after you checked that you can accept the CA's
certification policy!)

> does anybody know about any documentation of how to set this up, i mean
> the whole S/MIME stuff for mutt?

In mutt's CVS is a file doc/smime-notes.txt that describes the setup
step by step. I assume it is also contained in the current
distribution. 

Do you have any specific questions?

Regards

Christoph

-- 
http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/cludwig.html
LiDIA: http://www.informatik.tu-darmstadt.de/TI/LiDIA/Welcome.html