Kai Engert wrote:
OCSP: When preparing the information shown in the tabular view of cert manager, it would be to slow to check all certificates for validity. This is the only place where we ignore the OCSP setting. Because of that, the check is delayed until you actually use the certificate for an action, and you can also trigger checking by viewing the details of the certificate using the view button.
You say your own certificate is reported as being invalid, i.e. Mozilla says it is unable to verify it.
The most common failure reasons are:
1) In your environment, you need to use a proxy to connect to OCSP validation servers. Unfortunately, the security library in Mozilla as of today is unable to connect through a proxy, regardless whether you a proxy configured in your Mozilla network settings or not. OCSP not working through proxies is a bug. Mozilla's failure to report this circumstances is another one.
As our CA is inside our intranet I assume to have no proxy
all checks are already activated / as it is intranet I assume to have no proxy here !
2) Your problem might also be as simple as having improper trust set to your certificate's issueing CA. If your certificate was issued by, say, your own company's private CA, your certificates will not be trusted - this also applies to your own certificate. Check this: Go to cert manager and view your own certificate. Look up which CA issued your cert. Now open the "authorities" tab in cert manager. Find the CA cert that issued your cert and select it. Click "edit". Is any of the checkboxes checked? If not, you should decide whether this certificate is trustworthy and click the appropriate checkboxes. Now go back to your certificate and try again.
I set the cert for both encryption and signing without any error/problem. However when chosing to encrypt or sign a newly composing mail the "error" is:
3) In your original posting you say, you are unable to send out mail. However, you do not explain what exactly is failing. Please let us know whether an error message is shown and what it says. Did you notice that you must go to a mail window, open the mail news account settings, go to the "Security" tab, and select both certificates? Does that succeed? If your own certificate is not trusted, this will fail and you will see an error message. If you able to select the certs, your certs are fine.
Popup dialog: "You need to set up one or mor epersonal certificates before you can use this security feature. WOuld you like to learn how to do this now ?"
I've been through that help section now multiple times and cant find anything missing
The security info for composing a mail to [EMAIL PROTECTED] says:
4) If you are still unable to send the message, go to "view message security info" or click the lock icon in the tool bar. The window that opens up should give you more information. Let us know what it says if you can't fix the problem on your own.
Certificates:
Recipient:[EMAIL PROTECTED]
Status: Not Found
Issued:
Expires:
Clicking on View button is silently ignored
Setting any encryption or signation is not possible as the popup dialog appears and closing it will "uncheck" that feature
any clue ?
best regards ET
