On Fri, 22 Aug 2025 01:21, Patrick Ben Koetter said: > My S/MIME key is valid until 2027 and the key's cert is imported into gpgsm as > well. What is it I'm missing? The CA cert? Can I / must I set a trust for a > (CA) cert? Any help to debug is very much welcome as I don't really know what
Yes you need to assign trust to the Root-CA cert. Unless the "no-allow-mark-trusted" option is set in gpg-agent.conf you should see a prompt to verify the fingerprint of the Root CA's certificate. If that option is set you need to insert it yourself into ~/.gnupg/trustlist.txt - there is a comment at the top explaining it. Rules for GnuPG (VS-)Desktop are a bit different; see the respecitive FAQ. I would suggest to run gpgsm --list-chain --with-validation <user-id> This should give enough hints on what is going on. Salam-Shalom, Werner -- The pioneers of a warless world are the youth that refuse military service. - A. Einstein
openpgp-digital-signature.asc
Description: PGP signature
_______________________________________________ Gnupg-users mailing list [email protected] https://lists.gnupg.org/mailman/listinfo/gnupg-users
