Greg, the intermediate cert you're looking for is here: http://crt.comodoca.com/COMODOClientAuthenticationandSecureEmailCA.crt
It's not a built-in root, but it is signed by one - UTN-USERFirst-Client Authentication and Email.
This intermediate should have been automatically installed in the sender's email software as part of the installation process for your free S/MIME cert. Then, whenever you send a signed email, this intermediate should be automatically attached to the S/MIME signature so that recipients can successfully validate your certificate.
You mentioned that the recipients are using Thunderbird. Is the sender using Thunderbird too?
On 20/06/14 08:31, Greg wrote:
I’m trying out COMODO’s free S/MIME cert. On recipient machines, however, a warning is shown that the certificate was signed by an unknown authority, “COMODO Client Authentication and Secure Email CA.” Indeed, Thunderbird appears to hold no such authority certificate. According to Comodo, it should be as follows. 1) AddTrustExternalCARoot.crt - Root 2) COMODOClientAuthenticationandSecureEmailCA.crt - Intermediate 3) UTNAddTrustClient_CA.crt - Intermediate The first one appears to be included in Thunderbird, but the other two aren’t. I find it hard to believe Comodo would expect recipients of signed messages to install these, but Comodo’s support is saying this is so.
-- Rob Stradling Senior Research & Development Scientist COMODO - Creating Trust Online _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
