Am Tue, 30 Jul 2019 13:28:32 +0200
schrieb "Dr. Thomas Orgis" :
> And even with it present, is it
> correct behaviour for gpgsm to consider the chain invalid instead of
> just the cross-signature? It _does_ trust the new root cert already …
> no need for any further signature.
Just now the third
Am Mon, 22 Jul 2019 00:44:08 +0200
schrieb Ángel :
> Well, it seems that «T-TeleSec GlobalRoot Class 2» was cross-signed by
> «Deutsche Telekom Root CA 2».
> This is typically done with new roots so that people with an older set
> of roots can trust it through an older one.
Right. But if this is
Am Sat, 20 Jul 2019 20:07:37 +0200
schrieb "Dr. Thomas Orgis" :
> The issue I see is that
> these certs are not even supposed to be in the chain!
> the presence of the old certificates stirs things up. When I create a
> fresh user and import the new key with its certs into gpgsm, the chain
>
On 2019-07-20 at 20:07 +0200, Dr. Thomas Orgis wrote:
> The chain in the imported new key & cert file how it should be:
>
> 4. Thomas Orgis (me) signed by DFN-Verein Global Issuing CA
> 3. DFN-Verein Global Issuing CA signed by DFN-Verein Certification Authority 2
> 2. DFN-Verein Certification
Hi,
thanks for looking at this …
am Sat, 20 Jul 2019 11:01:49 +0200
schrieb Dirk Gottschalk :
> This is the issue here. These two certs of DTAG (Telekom) are exired
> and that's the reason why gpgsm is complaining correctly.
Please check again my original post, though. The issue I see is that
Hello.
Am Donnerstag, den 18.07.2019, 18:33 +0200 schrieb Dr. Thomas Orgis:
> Certified by
>ID: 0x61A8CF44
>Issuer: /CN=Deutsche Telekom Root CA 2/OU=T-TeleSec Trust
> Center/O=Deutsche Telekom AG/C=DE
> Subject: /CN=T-TeleSec GlobalRoot Class 2/OU=T-Systems Trust
>
Hi,
I'm trying to switch to my third S/MIME cert after two earlier expired
ones in gpgsm. The private key and the certificate are valid into the
year 2022, but gpgsm (version 2.2.15) tells me this:
shell$ LANG=C gpgsm --sign -u 0x310C60AF
[…]
gpgsm: certificate is good
gpgsm: intermediate