Pegasus Mail & Mercury


Problem using new S/MIME

Last post 04-27-2009, 4:01 by David H. Lipman. 4 replies.
  •  04-26-2009, 3:28

    Problem using new S/MIME

    Attachment: Image1.jpg

    Reference Usenet: Message-ID: <38u2v49n17p9s3m08u589fmvds52b6norq@4ax.com>

    { I PREFER Usenet ! }

    I sent myself a digitally signed email. My recipient PC has all the chain's certificates in the certificate store. However I get...

    "However the issuer of the certificate used for signing could not be verified"

    I have all the needed certificates in the chain including the Root Certificate.  I even verified this.

     



    --
    Dave
  •  04-26-2009, 11:25

    Re: Problem using new S/MIME

    David H. Lipman:

    Reference Usenet: Message-ID: <38u2v49n17p9s3m08u589fmvds52b6norq@4ax.com>

    { I PREFER Usenet ! }

    I know, but these days it looks like an antique in extinction ...

    David H. Lipman:

    I sent myself a digitally signed email. My recipient PC has all the chain's certificates in the certificate store. However I get...

    "However the issuer of the certificate used for signing could not be verified"

    I have all the needed certificates in the chain including the Root Certificate.  I even verified this.

    From my Usenet reply:

    idw:

    Well, the system itself is reporting this error, so something must be wrong: (...) Did you check the (issuer's) certificate resp. the certificate chain (manually, i.e. via button/menu entry, because it may take some time)?

    The below URL displays the dialog you should get, does it show a similar message?

    <http://technet.microsoft.com/en-us/library/cc962071.aspx>.

    Maybe the issuer's certificate is not in the "Trusted Root Certificates" store, see <http://technet.microsoft.com/en-us/library/cc940384.aspx>.

    Sorry, but certificate management (like key management with PGP) is a rather demanding issue if you don't use standard certificates issued by roots pre-installed by IE (I'm not saying I prefer it this way, it's just a matter of fact).

    The automated verification is less strict in that it only checks the local certificate store for the certificate chain (which is usually included in the signed message anyway) and revocation lists etc. because otherwise you may have to wait until it times out before a message gets displayed. It shouldn't fail on verifying the (self-signed) root certificate, though, at least if it has been installed into your Trusted Root Certificates store.

    If you've done this already can you please send a signed message to my personal email address (shown on the extension's "About ..." Dialog) so I can check this issue?


    Michael

    --
    PGP Key ID (RSA 2048): 0xC45D831B
    PGP Plugin for Pegasus Mail: <http://www.pmpgp.de/pmpgp/>
    S/MIME Certificate Fingerprint: 26 5c a3 60 02 c6 e3 8a 75 70 d5 6a 67 ff d3 8d b0 b5 5e 5b
  •  04-26-2009, 14:19

    Re: Problem using new S/MIME

    idw:
    I know, but these days it looks like an antique in extinction ...

    Yeah.  That SUCKS.

    After years of Adobe hosting the AdobeForums.Com with NNTP access and forum hosting (actually unilateral feed to Usenet) they have turned off NNTP access and now use Jive software.  Man does that suck.  I will no longer participate as the front-end is slow as hell and is SOOOOO EXPLOITABLE.

    I am so used to using one News Client and moving in/out of News Servers and groups.  It is a PITA to have to load different web pages for different forums that have different front-ends that are slow as sh!t.

    US ISPs are dismantling Usenet over CP.  My ISP, Verizon, has dropped all but the Big-8 hierarchies and censors out the Binaries.  All thanx to NY Attorney General Cuomo.  Other US ISPs have dropped Usenet access altogether.

    idw:

    The automated verification is less strict in that it only checks the local certificate store for the certificate chain (which is usually included in the signed message anyway) and revocation lists etc. because otherwise you may have to wait until it times out before a message gets displayed. It shouldn't fail on verifying the (self-signed) root certificate, though, at least if it has been installed into your Trusted Root Certificates store.

    If you've done this already can you please send a signed message to my personal email address (shown on the extension's "About ..." Dialog) so I can check this issue?

     

    I have double, triple, verified that the Root Certs are in the Root Certificate Store.  In doing so last night I blocked my Smart Card and on Monday AM I have to reset my Smart Card.

    Unless you have an email account in the US, I can not send you a signed email.

     


    --
    Dave
  •  04-26-2009, 16:28

    Re: Problem using new S/MIME

    David H. Lipman:

    I have double, triple, verified that the Root Certs are in the Root Certificate Store.  In doing so last night I blocked my Smart Card and on Monday AM I have to reset my Smart Card.

    Sorry to hear ...

    David H. Lipman:

    Unless you have an email account in the US, I can not send you a signed email.

    I don't. Unfortunately it's probably impossible to solve this issue theoretically: CAPICOM offers only two options for verifying, CAPICOM_VERIFY_SIGNATURE_ONLY (the one I use) and CAPICOM_VERIFY_SIGNATURE_AND_CERTIFICATE which would take significantly longer. But if the former is really applied I don't quite understand why this error occurs at all. Would it be possible to get the issuer's certificate (a signed message is the easiest way, but you may just export it to file and send as an attachment)? This way I could take a look at the properties and compare it to other root certificates to see what's different (unless you're willing to do this).


    Michael

    --
    PGP Key ID (RSA 2048): 0xC45D831B
    PGP Plugin for Pegasus Mail: <http://www.pmpgp.de/pmpgp/>
    S/MIME Certificate Fingerprint: 26 5c a3 60 02 c6 e3 8a 75 70 d5 6a 67 ff d3 8d b0 b5 5e 5b
  •  04-27-2009, 4:01

    Re: Problem using new S/MIME

    Problem resolved !

    Renamed: pm-smime.fff [Dated: 11-15-2001] to pm-smime.fff.bak

    This old utility was interfering!

    ; Form Fact File for S/MIME-Services to Pegasus Mail 32
    ; Copyright 1998 Michael in der Wiesche, all rights reserved.
    ; Modified in 2001 by Christian Biesinger for S/MIME Plugin
    ;
    ; -------------------------------------------------------------------------
    ; WARNING -- WARNING -- WARNING -- WARNING -- WARNING -- WARNING -- WARNING
    ; -------------------------------------------------------------------------
    ; WinPMail forms are executable code! You should never load forms onto your
    ; system unless you are absolutely certain of their pedigree, because they
    ; are a perfect vehicle for trojan horses.
    ;
    ; "Form flags" is a bitmap composed of the following bits:
    ;
    ;  Mnemonic     Value   Meaning
    ;  ----------------------------------------------------------------
    ;  WPM_STARTUP    1     Load the extension when WinPMail starts up
    ;  WPM_NOLIST     2     Do not show in the "Extensions" window list
    ;  WPM_HIDDEN     4     Hide the parent MDI window on loading
    ;  WPM_LOGGING    8     Extension wants to receive logging events
    ;  WPM_ONEONLY   16     Only allow one running instance at any time
    ;  WPM_FIRSTRUN  32     Autoload extension on first-ever WinPMail run
    ;  WPM_USES_TCP  64     Extension requires TCP/IP services to run

    ;WPM_CAN_ENCRYPT         = 256;   {  Module can encrypt messages }
    ;WPM_CAN_DECRYPT         = 512;   {  Module can decrypt messages }
    ;WPM_CAN_SIGN            = 1024; {  Module can add digital signatures to messages }
    ;WPM_CAN_VALIDATE        = 2048; {  Module can verify digital signatures }
    ;WPM_HAS_INTERFACE       = 4096; {  Module has a key management user interface }
    ;WPM_NEEDS_BURSTING      = 8192; {  Module requires one message per recipient }

    ; Needs Password         = 16384
    ; IS_V2_MODULE           = 32768

    Form name = "S/MIME Plugin"
    Form DLL = "~a\PMSMIME.DLL"
    Form type = ENCRYPTOR
    Form Flags = 128774
    Form tagname = "SMIME-PM32"
    Form triggers = "Content-Type:*application/x-pkcs7-mime*"
    Form triggers = "Content-Type:*application/pkcs7-mime*"
    Form triggers = "Content-Type:*multipart/signed*"
    Form data = "CRYPTOR"
    32-bit model = 1
    End

     


    --
    Dave
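
The form fact file quoted in the last post warns that WinPMail forms are executable code, so it is worth knowing what each one registers. The following is an added example, not part of the thread and not Pegasus Mail's own code: a small Python parser that reads such a file and decodes its Form Flags bitmap using the values given in the file's own comments. The parsing rules (`key = value` lines, `;` comments, `End` terminator) are inferred from the quoted file, and the function names are hypothetical.

```python
import re

# Flag values exactly as listed in the comment block of the posted pm-smime.fff.
FLAGS = {
    1: "WPM_STARTUP", 2: "WPM_NOLIST", 4: "WPM_HIDDEN", 8: "WPM_LOGGING",
    16: "WPM_ONEONLY", 32: "WPM_FIRSTRUN", 64: "WPM_USES_TCP",
    256: "WPM_CAN_ENCRYPT", 512: "WPM_CAN_DECRYPT", 1024: "WPM_CAN_SIGN",
    2048: "WPM_CAN_VALIDATE", 4096: "WPM_HAS_INTERFACE",
    8192: "WPM_NEEDS_BURSTING", 16384: "Needs Password", 32768: "IS_V2_MODULE",
}

# Constructed sample: the non-comment lines of the file quoted in the post.
SAMPLE_FFF = r'''
; Form Fact File for S/MIME-Services to Pegasus Mail 32
Form name = "S/MIME Plugin"
Form DLL = "~a\PMSMIME.DLL"
Form type = ENCRYPTOR
Form Flags = 128774
Form tagname = "SMIME-PM32"
Form triggers = "Content-Type:*application/x-pkcs7-mime*"
Form triggers = "Content-Type:*application/pkcs7-mime*"
Form triggers = "Content-Type:*multipart/signed*"
Form data = "CRYPTOR"
32-bit model = 1
End
'''

def parse_fff(text):
    """Return a list of form definitions; each is {lowercased key: [values]}."""
    forms, current = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                      # blank line or comment
        if line.lower() == "end":         # "End" closes one form definition
            forms.append(current)
            current = {}
            continue
        m = re.match(r'([^=]+?)\s*=\s*"?(.*?)"?\s*$', line)
        if m:                             # keys such as "Form triggers" may repeat
            current.setdefault(m.group(1).lower(), []).append(m.group(2))
    if current:                           # tolerate a file with no final "End"
        forms.append(current)
    return forms

def decode_flags(value):
    """Return (known mnemonics set in value, leftover undocumented bits)."""
    known = [name for bit, name in FLAGS.items() if value & bit]
    return known, value & ~sum(FLAGS)
```

For the posted value 128774, `decode_flags` reports WPM_NOLIST and WPM_HIDDEN among the set flags, WPM_CAN_VALIDATE as not set, and a leftover bit of 65536 that the file's comments do not document.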
Copyright © 2007-2011 David Harris / Peter Strömblad. | Pegasus Mail Home Page