....User receives a signed mail, certificate unknown - > no problem User installs root cerrtifikate -> Outlook freezes when opening the signed message
Yes, it is looking for the CRL, but can not find it. In my experience it will "unfreeze" after about 30 seconds.
Yes, change the CDP in the certificates to http rather than https. Just edit the User.ext on the CA and reissue the certificates. It may also be worth editing Web_Server.ext to change the CDP there too.
Why will Outlook not find it - when I look at the Cert there are several pointers to the CRL, all with a valid adresse - can Outlook not load CRL over secure connections or is it because the TLS Cert is from the same authority - so signing the webserver with a different cert wil solve the problem ?
I dont want to reissue the certs, because we already published it and most people are very uninteressted in PKI and a process of re-issuing and configuing will not raise their understanding for using a PKI.
Oli
-- Diese Nachricht wurde digital unterschrieben oliwel's public key: http://www.oliwel.de/oliwel.crt Basiszertifikat: http://www.ldv.ei.tum.de/page72
smime.p7s
Description: S/MIME Cryptographic Signature
