i have several problems with thawte certificates as well. Indeed i observed the same thing you see, with Thawte NOT TRUSTED as a CA. Currently i can't even seem to find Thawte Freemail in the CA list at all.
also there are some bugs filed that deal with not being able to import/restore certs from p12 files. (don't have the bug id's handy though) You might wanna check out bugzilla for those? Eric Dave Roberts wrote: > Eric typed: > >>are the certs of those people true/trusted and the CA for those >>certs trusted as well? > > > It seems to be less straight forward than that. Nearly all of my S/MIME > contacts use one of Thawte's certificates. When I initially checked my > settings, the Thawte intermediate CA's had no trust settings at all, so > I set them appropriately. Still no joy. > > I then sent a test mail to a work account of mine with a certificate > issued internally. That CA isn't trusted, but the e-mail was encrypted ok. > > When I view "Other People's" certificates, and I select the "Edit" > button - every single certificate shown claims that the CA is *not* > trusted. Yet if I click on "Edit CA Trust", the CA is shown as being > trusted for mail users (and sometimes more). > > I have even specifically trusted the end user certificate for the people > I am trying to e-mail, and I still cannot encrypt a mail to them. > > I then tried another contact, signed by the same CA. That message was > sent no problem, encrypted as expected. Perversely, that persons > certificate had expired. > > The last encrypted e-mail I sent to the person I'm trying to get in > touch with was on the morning before I installed 0.9.9. > > OK - so I just removed 0.9.9 and re-installed 0.9.8. I notice that the > CA's are now marked as trusted if I view settings via "Other People's", > yet I still could not encrypt. Then I noticed that the uninstall / > install had removed one of my personal certificates. Annoying, but > luckily I had backed them up!!! Re-installing that certificate, and I'm > back to normal, I can encrypt a message to my contacts. > > Now, having removed 0.9.8, and re-installed 0.9.9, I cannot encrypt to > my contacts again. Although the CA is now showing as being trusted, I > cannot encrypt no matter if I sent the trust settings explicitly for the > "other person" to trust or even don't trust. Something's broke. > > (And finally, I went back to the cert manager for one more check, and > the CA's that were showing as being trusted just 30 seconds ago, are now > being shown as not trusted!!!) > > - Dave. >
