On Sat, Sep 11, 2010 at 04:01:27PM +0200, Remco Rijnders wrote: > I'm hoping to use an S/MIME certificate issued by StartSSL to sign and > encrypt my mail. When trying to add the certificate I get the following > error: > > remmy@silvertown:~$ smime_keys add_p12 startssl.cert.p12 > > NOTE: This will ask you for two passphrases: > 1. The passphrase you used for exporting > 2. The passphrase you wish to secure your private key with. > > Enter Import Password: > MAC verified OK > Enter PEM pass phrase: > Verifying - Enter PEM pass phrase: > Couldn't identify root certificate! > No root and no intermediate certificates. Can't continue. at > /usr/bin/smime_keys line 708. Having investigated and experimented further, I've been able to solve this problem. I've requested a new certificate for an alternate email address from StartSSL and saved it to and exported it from firefox (iceweasel). Trying to add this new certificate with smime_keys worked out of the box! It seems that the .p12 files I had generated from Apple's keychain application were missing the root and/or intermediate certificates from the bundle. This also explains why I had this problem with all certificates I tried to load. With this new knowledge, I was also able to create and validly add my old keys for signing and decrypting to mutt. That said, given that I was able to manually get my keys working, I think perhaps smime_keys is being too harsh on refusing to load files without a root certificate chain? Both thunderbird and firefox accept these certificates without complaint. Sincerely, Remco Rijnders
Attachment:
signature.asc
Description: Digital signature