----- Original Message ----- From: "Eitzenberger Thomas" <[EMAIL PROTECTED]> To: "Kai Engert" <[EMAIL PROTECTED]> Cc: "Nelson B. Bolyard" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>; "Schruef Roland" <[EMAIL PROTECTED]> Sent: Monday, November 18, 2002 11:34 AM Subject: Re: Mozilla S/MIME
> Kai Engert wrote: > > > OCSP: When preparing the information shown in the tabular view of cert > > manager, it would be to slow to check all certificates for validity. > > This is the only place where we ignore the OCSP setting. Because of > > that, the check is delayed until you actually use the certificate for > > an action, and you can also trigger checking by viewing the details of > > the certificate using the view button. > > > > You say your own certificate is reported as being invalid, i.e. > > Mozilla says it is unable to verify it. > > > > The most common failure reasons are: > > > > 1) In your environment, you need to use a proxy to connect to OCSP > > validation servers. Unfortunately, the security library in Mozilla as > > of today is unable to connect through a proxy, regardless whether you > > a proxy configured in your Mozilla network settings or not. OCSP not > > working through proxies is a bug. Mozilla's failure to report this > > circumstances is another one. > > As our CA is inside our intranet I assume to have no proxy > > > > > 2) Your problem might also be as simple as having improper trust set > > to your certificate's issueing CA. If your certificate was issued by, > > say, your own company's private CA, your certificates will not be > > trusted - this also applies to your own certificate. Check this: Go to > > cert manager and view your own certificate. Look up which CA issued > > your cert. Now open the "authorities" tab in cert manager. Find the CA > > cert that issued your cert and select it. Click "edit". Is any of the > > checkboxes checked? If not, you should decide whether this certificate > > is trustworthy and click the appropriate checkboxes. Now go back to > > your certificate and try again. > > all checks are already activated / as it is intranet I assume to have no > proxy here ! > > > > > > > 3) In your original posting you say, you are unable to send out mail. > > However, you do not explain what exactly is failing. Please let us > > know whether an error message is shown and what it says. Did you > > notice that you must go to a mail window, open the mail news account > > settings, go to the "Security" tab, and select both certificates? Does > > that succeed? If your own certificate is not trusted, this will fail > > and you will see an error message. If you able to select the certs, > > your certs are fine. > > I set the cert for both encryption and signing without any > error/problem. However when chosing to encrypt or sign a newly composing > mail the "error" is: > > Popup dialog: "You need to set up one or mor epersonal certificates > before you can use this security feature. WOuld you like to learn how to > do this now ?" > > I've been through that help section now multiple times and cant find > anything missing > > > > > > > 4) If you are still unable to send the message, go to "view message > > security info" or click the lock icon in the tool bar. The window that > > opens up should give you more information. Let us know what it says if > > you can't fix the problem on your own. > > The security info for composing a mail to [EMAIL PROTECTED] says: > > Certificates: > Recipient:[EMAIL PROTECTED] > Status: Not Found > Issued: > Expires: > > Clicking on View button is silently ignored > > Setting any encryption or signation is not possible as the popup dialog > appears and closing it will "uncheck" that feature > > any clue ? > > best regards ET > >
