On 04/26/2012 03:37 PM, Perry Peeters wrote: > Further investigation learned that the certificate imported into Djigzo did > not contain a private key. > The way to create a Comodo certificate file in Mozilla Firefox: > Edit / Preferences/ Advanced / Encryption / View Certificates / Backup All / > Export > export to PKCSP12 format (certficates with private keys) > > To check if Private keys are in this file: OpenSSL: > openssl pkcs12 -in<filename>.p12 -info > > The signing certificate shows up automatically. > > However still wasn't able to get S/MIME signed (non encrypted) emails > with the following setting on the global settings page: > > - check 'S/MIME allowed' > - uncheck 'Only sign when encrypt'
Are your sending your email with the same from address as the address in the certificate? Can you add a user object for the sender address and then click "signing certificate" on the user settings page. Is the signing certificate selected? Kind regards, Martijn Brinkers > > > > ----- Original Message ----- > From: "Perry Peeters"<[email protected]> > To: [email protected] > Sent: Thursday, April 26, 2012 12:37:36 PM > Subject: Re: [Djigzo users] assigning certficates > > Martijn, you wrote: > "Since you have the private key and the key can be used for signing you can > select > the key for signing." > > How can I select the key for signing ? > If I want to select signing certificate for this user in Djigzo it tells me > "There are no matching certificates" > To check if the end-user certificate holds private keys I've tried to > download the > private keys from the certficate and a PFX file is created. > > Best regards, > > Perry > ------------------------------ > > Message: 4 > Date: Thu, 26 Apr 2012 11:19:55 +0200 (CEST) > From: Perry Peeters<[email protected]> > Subject: [Djigzo users] assigning certficates > To: [email protected] > Message-ID:<9fa63a44-893a-4410-9c6e-7fb2f74374f4@deolinux1> > Content-Type: text/plain; charset=utf-8 > > We want our Djigzo to PDF encrypt and S/MIME sign using a Comodo Secure Email > certificate > for a specific user (originator). > The Key Usage of the certificate shows: "keyEncipherment, digitalSignature". > Unfortunately the certificate for this user shows up in Djigzo as encryption > certificate not as signing certificate > and I can't unassign / reassign. > Also I can't assign the certificate as signing certficate. > Because of this setup emails are S/MIME encrypted not signed, not what I want. > Is there a solution ? > > > ------------------------------ > > Message: 5 > Date: Thu, 26 Apr 2012 11:31:41 +0200 > From: Martijn Brinkers<[email protected]> > Subject: Re: [Djigzo users] assigning certficates > To: [email protected] > Message-ID:<[email protected]> > Content-Type: text/plain; charset=ISO-8859-1; format=flowed > > On 04/26/2012 11:19 AM, Perry Peeters wrote: >> We want our Djigzo to PDF encrypt and S/MIME sign using a Comodo Secure >> Email certificate >> for a specific user (originator). >> The Key Usage of the certificate shows: "keyEncipherment, digitalSignature". >> Unfortunately the certificate for this user shows up in Djigzo as encryption >> certificate not as signing certificate >> and I can't unassign / reassign. >> Also I can't assign the certificate as signing certficate. >> Because of this setup emails are S/MIME encrypted not signed, not what I >> want. >> Is there a solution ? > > A key can be used as a signing key if you have the private key and if > the key usage allows the key to be used for signing. A (public) key can > be used for encryption if the key usage allows encryption. Since you > have the private key and the key can be used for signing you can select > the key for signing. Whether or not you can select it as an encryption > key does not matter. First make sure that your email will be correctly > signed. This can be done by deselecting "Only sign when encrypt". Once > you know that your outgoing email will be correctly signed, you can > enable signing of the PDF encrypted email by selecting the PDF advanced > option "Sign email". > > Kind regards, > > Martijn Brinkers > > > > _______________________________________________ > Users mailing list > [email protected] > http://lists.djigzo.com/lists/listinfo/users > _______________________________________________ Users mailing list [email protected] http://lists.djigzo.com/lists/listinfo/users
