A self-signed smime certificate cannot be trusted in kleopatra and it is consequently not selectable for encryption or signing. We need to figure out if this applies only to self signed certificates or if that is a general problem.
Description
Description
Details
Details
- Ticket Type
- Task
Status | Assigned | Task | ||
---|---|---|---|---|
Resolved | mollekopf | T678 Windows: Encrypted mails | ||
Resolved | mollekopf | T711 Can't use smime keys in kmail |
Event Timeline
Comment Actions
- you need to create a PCKS12 for import into kleopatra
http://serverfault.com/questions/103263/can-i-create-my-own-s-mime-certificate-for-email-encryption
- that PCKS12 can be imported via kleopatra,but the trusted issuer is not set to ulimate after import
Marking it has trusted can be done by manually editing the file ~/.gnupg/trustlist.txt (there are instructions on the top) or by putting a line "allow-mark-trusted" into ~/.gnupg/gpg-agent.conf" and giving gpg-agent a HUP. With allow-mark-trusted active, gpg-agent will ask you whether you trust that root certificate and insert it for you into the trustlist.txt.
https://lists.gnupg.org/pipermail/gnupg-users/2009-February/035754.html
- the docu to kleopatra also metion these things:
https://docs.kde.org/stable4/en/kdepim/kleopatra/menucertificates.html
till now i did not get my self signed certificate shown as trust ulimate :(
Comment Actions
The problem was the CRL checking that is broken with no certificate revocation list in the certificate. The workaround is to disable CRL checking.