on my tests I found one more serious problem with Outlook/Win2K (and OutlookExpress/ME:
> 1. Automatic import of cert on receiving singned mail > Can me tell somebody: is this a bug or a feature? > > 2. Encryption of mail after manual import > Does somebody know about logfiles where i can see, what's going wrong? > Outlook thinks the certificate is not valid or damanged...
3. Actualization of renewed "own" certificate
Here I can't get the new cert into the "own" cert storage. If I try to use the CRIN mail URL http://.../.../cgi-bin/pub/pki?cmd=getcert&key=<Number>&type=CERTIFICATE
then I get an error message of IE (both on ME and on Win2K) which tells me the certificate would exist. If I try to import it as PKS#12 then it get's represented in "other" certificates. When I try to select the approproate certstorage (own certs) then IE talks about a successful import but I see only the old cert...
The only way which works, is to delete the old cert and import the new version in PKS#12 - but then you can't read previous encrypted data anymore...
How do you install the renewed certs to the existing private keys of your users?
1. Automatic import of cert on receiving singned mail Can me tell somebody: is this a bug or a feature?
2. Encryption of mail after manual import Does somebody know about logfiles where i can see, what's going wrong? Outlook thinks the certificate is not valid or damanged...
I think, both old problems arise cause Outlook has a problem in getting/validating the CRL. I have two http CRL distribution points defined and both are reachable and are working well with Mozilla. I tested the configuration with renewed certs of both sender and receiver which only have one CDP defined - no change!
In Outlook Express the automatic import and encryption of mails work, but OE tells me on receiving encrypted mail:
"The digital ID has not been revoked or the list of the revoked ID's for this certificate can not be found" (translated from german languge).
Is this perhaps a hint to my assumption? Do you have any ideas?
Regards, Gottfried
------------------------------------------------------- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ _______________________________________________ Openca-Users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-users
