Re: [Openca-Users] Outlook: problem in encryption

[Gottfried Scheckenbach]

One problem is solved: sending of encrypted mails needs the additon of 
the receiver to the contacts (using a signed mail from him...). grrr - 
how I hate them!

Regards,
Gottfried
---------- remaining problems

Hi all,

on my tests I found one more serious problem with Outlook/Win2K (and
OutlookExpress/ME:
1. Automatic import of cert on receiving singned mail
Can me tell somebody: is this a bug or a feature?
2. Encryption of mail after manual import
Does somebody know about logfiles where i can see, what's going wrong?
Outlook thinks the certificate is not valid or damanged...
3. Actualization of renewed "own" certificate

Here I can't get the new cert into the "own" cert storage. If I try to
use the CRIN mail URL
http://.../.../cgi-bin/pub/pki?cmd=getcert&key=<Number>&type=CERTIFICATE
then I get an error message of IE (both on ME and on Win2K) which tells
me the certificate would exist. If I try to import it as PKS#12 then it
get's represented in "other" certificates. When I try to select the
approproate certstorage (own certs) then IE talks about a successful
import but I see only the old cert...
The only way which works, is to delete the old cert and import the new
version in PKS#12 - but then you can't read previous encrypted data
anymore...
How do you install the renewed certs to the existing private keys of
your users?
1. Automatic import of cert on receiving singned mail
Can me tell somebody: is this a bug or a feature?
2. Encryption of mail after manual import
Does somebody know about logfiles where i can see, what's going wrong? Outlook thinks 
the certificate is not valid or damanged...
I think, both old problems arise cause Outlook has a problem in
getting/validating the CRL. I have two http CRL distribution points
defined and both are reachable and are working well with Mozilla. I
tested the configuration with renewed certs of both sender and receiver
which only have one CDP defined - no change!
In Outlook Express the automatic import and encryption of mails work,
but OE tells me on receiving encrypted mail:
"The digital ID has not been revoked or the list of the revoked ID's for
this certificate can not be found" (translated from german languge).
Is this perhaps a hint to my assumption? Do you have any ideas?

Regards,
Gottfried


-------------------------------------------------------
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?  SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
_______________________________________________
Openca-Users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-users