Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 11 replies
  • Subscribers 1 subscriber
  • Views 3639 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

mail encryption CA authorities

Krycek
Hi,

I'm back to setting up email encryption on the astaro again. The problem I'm having: I want to do automatic certificate extraction on incoming mails. This only works when the S/MIME authorities are filled.

There's my problem: I don't have the standard authorities anymore. I don't know if I deleted them like years ago or if the have never been there. Is there a way to get them back?


This thread was automatically locked due to age.
  • 0
    Hi Krycek,

    you find a textfile with the orginal ca certs attached. Every section from 
    -----BEGIN CERTIFICATE----- to -----END CERTIFICATE----- represents one
    ca certificate. Just put every section in a single textfile and upload it at the
    "S-MIME Authorities" tab with type "PEM".

    Marco
    CAfile.zip
  • 0
    Very much appreciated. Thanks!
  • 0 in reply to Krycek
    Now I have another problem: I do automatic certificate extraction and verifying for signed incoming mails. most of the time that does work.

    Now I have a special case. It did extract the user certificate. Then it automatically added the needed non-official S/MIME Authority (why does it do that?).

    When I receive signed emails signed with those certs it cannot be validated by the astaro and passes the signed mail to the server - although it did extract the certificate it does not remove the signing. Why can it not validate it? I tried removing the authority and add it again by hand - no change.

    When I do the same thing in windows/outlook (import the ca cert), the certifcate is valid!
  • 0
    So, is the problem that there's no chain of trust available for their CA in the Astaro?
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0
    No, since I added the SMIME authority (root cert) to that specific certificate in the s/Mime authorities... but it seems it doesn't recognize it. No idea why. The same root cert works in windows/outlook with the signature. I don't know where to find any more information on what'S not working correctly...
  • 0
    I don't master this subject, but I think it's possible that the Microsoft product has different CAs that let it establish a chain of trust.  Who signed their CA?

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson
    here are both, the public root ca which I imported to the astaro and windows and one users public cert portion...
    public_certs.zip
  • 0
    I searched the CAs in our Astaro for e:secure 7 and found it, so I think this would work in my Astaro.  Is there one in yours for e:secure 7?
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0
    yes - the one that's in the zip file too... I imported it because I had lost them all before (dunno why)
  • 0
    OK, like I said, I'm out of my depth on this.  It looks like the user cert has a cert path that is self-referential.  Maybe that works with Microsoft and not with Astaro?
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Cookie Information Banner