Re: any documentation for S/MIME setup for mutt? (Re: OT: Checking S/MIME signatures)
On Tue, Nov 25, 2003 at 01:05:24PM +0100, Robert Joop wrote:
> > PS: I am going to sign this posting. You probably don't have our root
> > CA's public key installed whence the verification will fail. But
> > at least you should see an error message like "unable to get local
> > issuer certificate".
>
> no, actually i get
>
> Verification failure
> 16485:error:21075075:PKCS7 routines:PKCS7_verify:certificate verify
> error:pk7_smime.c:222:Verify error:self signed certificate in certificate
> chain
>
I forgot that in my .muttrc smime_sign_command is set such that the
whole certificate chain is attached, not only my own
certificate. That explains the different error message.
Sorry if I caused any confusion.
> i get this with other S/MIME mails, too.
If you verify a S/MIME signature and you don't have the corresponding
CA certificate then you get an error message like I wrote or like you
reported. You need to add the CA certificate to your trusted
certificate store with "smime_keys add_root". (Of course only after
you convinced yourself through an offline channel of the certificate's
integrity and after you checked that you can accept the CA's
certification policy!)
> does anybody know about any documentation of how to set this up, i mean
> the whole S/MIME stuff for mutt?
In mutt's CVS is a file doc/smime-notes.txt that describes the setup
step by step. I assume it is also contained in the current
distribution.
Do you have any specific questions?
Regards
Christoph
--
http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/cludwig.html
LiDIA: http://www.informatik.tu-darmstadt.de/TI/LiDIA/Welcome.html