Kmail silently rejects S/MIME Certificate
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
kdepim (Ubuntu) |
Invalid
|
Undecided
|
Unassigned |
Bug Description
Binary package hint: kdepim
Scenario:
Adding an S/MIME cert to an identity. Clicking "modify", select a certificate.
What I expect to happen:
The certificate can be used or is being declined due a specific reason.
What happens instead:
When trying to add an S/MIME Certificate to KMail, it just rejects my certificate when clicking on it. See the screenshot: a red cross appears next to the certificate information. No other information why I cannot use this certificate is given.
I enabled debugging in crypto modules and started kmail with --nofork, but kmail doesn't give me any clue why my certificate is being rejected.
Additional information:
* S/MIME module is loaded
* Kleopatra is up and running
* Certificate is valid, complete trust chain imported. Issuer: CACert.org
* None of these does work: 2048 bit, 1024 bit, Single Mail adress, multiple aliases on certificate
* gpgsm knows my private and public certificate
* E-Mail address matches mine.
* CN matches my name.
Even if I do sth wrong, I expect kmail to be more user friendly by giving more feedback ("you cannot use this certificate, because <reason(s)>").
Regards,
Ben
ProblemType: Bug
DistroRelease: Ubuntu 10.04
Package: kmail 4:4.4.2-0ubuntu5
ProcVersionSign
Uname: Linux 2.6.32-22-generic x86_64
NonfreeKernelMo
Architecture: amd64
Date: Sat May 22 00:00:00 2010
ProcEnviron:
LANGUAGE=
PATH=(custom, user)
LANG=de_DE.UTF-8
SHELL=/bin/bash
SourcePackage: kdepim
I'm experiencing the exact same problem with a http:// www.startssl. com/ certificate and with self signed certificates. I wonder if I am missing something obvious or if it is really a bug.
I've found advice on the web reported to be successful. It said to add the following line to ~/.gnupg/ gpg-agent. conf:
allow-mark-trusted
that line gets added when I go into Kleopatra's menu Settings => Configure => GnuPG System => GPG Agent
and check the "Allow clients to mark keys as trusted" checkbox.
But it did not work for me. Maybe it works for you?