> > So in fact the certificates issued by trustcenter.de are invalid because > the root-CA is invalid (expired)? > > The chain is as follow: > > root-CA : valid from 09.03.1998 11:59:59 GMT - 01.01.2011 11:59:59 GMT > --> expired > > sub-CA : Nov 26 16:01:23 2007 GMT - Dec 31 22:59:59 2025 GMT > > certificate : 23.03.2008 until 23.03.2011
It seems that they have issued a new root certificate. It looks like they have introduced a cross certificate into the chain to make the 'old' non expired sub-ca valid. So, you should import "Neue Root-Zertifikate/TC TrustCenter Class 2 CA II" with SHA1 thumbprint: ae:50:83:ed:7c:f4:5c:bc:8f:61:c6:21:fe:68:5d:79:42:21:15:6e and "Zwischenzertifikat / Crosszertifikat": TC TrustCenter Cross Class 2 with SHA1 thumbprint: 51:ee:c2:46:09:78:95:9b:ae:56:ca:0a:71:eb:35:d6:ca:04:21:2d The sub-ca that was used to sign the certificates is now trusted again. I think that they introduced the cross certificate as a way to start using the new root. Kind regards, Martijn -- Djigzo open source email encryption
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Users mailing list [email protected] http://lists.djigzo.com/lists/listinfo/users
smime.p7s
Description: S/MIME Cryptographic Signature
