On 11/20/2015 11:53 AM, [email protected] wrote: > Hello, > > today we discover a certificate in our Ciphermail certificate store > which is not usable for encryption because of the error "Error building > certPath. Subject distinguished name is not from a permitted subtree". > Indeed there are name constraints in a sub-CA used but i can not figure > out what the actual problem is because it actually should match the > mailadress with is [email protected] > > This is from the upper level issuing CA: > > Zugelassen > [1]Unterstrukturen (0..Max): > RFC822-Name=.ach-llc2.com > [2]Unterstrukturen (0..Max): > RFC822-Name=.cotarko.com > [3]Unterstrukturen (0..Max): > RFC822-Name=.european-llp.com > [4]Unterstrukturen (0..Max): > RFC822-Name=.first-aquitaine.com > [5]Unterstrukturen (0..Max): > RFC822-Name=.fmcc.ch > [6]Unterstrukturen (0..Max): > RFC822-Name=.ford-alliance.com > [7]Unterstrukturen (0..Max): > RFC822-Name=.ford.com > [8]Unterstrukturen (0..Max): > RFC822-Name=.fordcredit.com > [9]Unterstrukturen (0..Max): > RFC822-Name=.forsonordic.com > [10]Unterstrukturen (0..Max): > RFC822-Name=.lincoln.com > [11]Unterstrukturen (0..Max): > RFC822-Name=.lincolnafs.com > [12]Unterstrukturen (0..Max): > RFC822-Name=.troydm.com > [13]Unterstrukturen (0..Max): > RFC822-Name=.volvoautobank.de > [14]Unterstrukturen (0..Max): > RFC822-Name=ach-llc2.com > [15]Unterstrukturen (0..Max): > RFC822-Name=cotarko.com > [16]Unterstrukturen (0..Max): > RFC822-Name=european-llp.com > [17]Unterstrukturen (0..Max): > RFC822-Name=first-aquitaine.com > [18]Unterstrukturen (0..Max): > RFC822-Name=fmcc.ch > [19]Unterstrukturen (0..Max): > RFC822-Name=ford-alliance.com > [20]Unterstrukturen (0..Max): > RFC822-Name=ford.com > [21]Unterstrukturen (0..Max): > RFC822-Name=fordcredit.com > [22]Unterstrukturen (0..Max): > RFC822-Name=forsonordic.com > [23]Unterstrukturen (0..Max): > RFC822-Name=lincoln.com > [24]Unterstrukturen (0..Max): > RFC822-Name=lincolnafs.com > [25]Unterstrukturen (0..Max): > RFC822-Name=troydm.com > [26]Unterstrukturen (0..Max): > RFC822-Name=volvoautobank.de > [27]Unterstrukturen (0..Max): > DNS-Name=ford.com > [28]Unterstrukturen (0..Max): > Verzeichnisadresse: > S=Michigan > L=Dearborn > O=Ford Motor Company > C=US > [29]Unterstrukturen (0..Max): > Verzeichnisadresse: > DC=ford > DC=com > Ausgeschlossen > [1]Unterstrukturen (0..Max): > IP-Adresse=0.0.0.0 > Maske=0.0.0.0 > [2]Unterstrukturen (0..Max): > IP-Adresse=0000:0000:0000:0000:0000:0000:0000:0000 > Mask=0000:0000:0000:0000:0000:0000:0000:0000 > > > Any idea what could be wrong here? >
Hi Andreas, Could you send me the complete chain off-list so I can have a look at it? Kind regards, Martijn Brinkers -- CipherMail email encryption Email encryption with support for S/MIME, OpenPGP, PDF encryption and secure webmail pull. https://www.ciphermail.com Twitter: http://twitter.com/CipherMail _______________________________________________ Users mailing list [email protected] https://lists.djigzo.com/lists/listinfo/users
