Zitat von Martijn Brinkers <[email protected]>:
So in fact the certificates issued by trustcenter.de are invalid because the root-CA is invalid (expired)? The chain is as follow: root-CA : valid from 09.03.1998 11:59:59 GMT - 01.01.2011 11:59:59 GMT --> expired sub-CA : Nov 26 16:01:23 2007 GMT - Dec 31 22:59:59 2025 GMT certificate : 23.03.2008 until 23.03.2011It seems that they have issued a new root certificate. It looks like they have introduced a cross certificate into the chain to make the 'old' non expired sub-ca valid. So, you should import "Neue Root-Zertifikate/TC TrustCenter Class 2 CA II" with SHA1 thumbprint: ae:50:83:ed:7c:f4:5c:bc:8f:61:c6:21:fe:68:5d:79:42:21:15:6e and "Zwischenzertifikat / Crosszertifikat": TC TrustCenter Cross Class 2 with SHA1 thumbprint: 51:ee:c2:46:09:78:95:9b:ae:56:ca:0a:71:eb:35:d6:ca:04:21:2d The sub-ca that was used to sign the certificates is now trusted again. I think that they introduced the cross certificate as a way to start using the new root.
Thanks, i have tottaly overlooked the cross-certs. IMHO cross certification is evil as hell anyway and can lead to a total mess in the trust chain. But nothing Djigzo is responsible for as always. With the import of the cross-certs its now working with the new root-CA.
Regards Andreas
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Users mailing list [email protected] http://lists.djigzo.com/lists/listinfo/users
