Re: Using OpenSSL certs in Kmail

Tue, 22 May 2007 03:46:41 -0700 

On Monday 21 May 2007 22:56, Mick wrote:

> I have created a PKCS12 certificate and imported it into Kmail.  However,
> when I try to select it as the preferred key for my email account, it comes
> up with a red x across the key symbol.  I take this to mean that it is
> unsuitable.  When I check it with Kleopatra I see this under Dump:
> ============================================
>       keyType: 4096 bit RSA
>     subjKeyId: [?]
>     authKeyId: [?]
>      keyUsage: [error: No value]
>   extKeyUsage: [none]
>      policies: [none]
>   chainLength: [error: No value]
>         crlDP: [error]
>      authInfo: [error]
>      subjInfo: [error]
> ============================================
>
> It also shows under Details:
> ============================================
> Can be used for signing        No
> Can be used for encryption     No
> Can be used for certification  No
> Can be used for authentication No
> ============================================
>
> gpgsm also spits out some errors:
> ============================================
>      validity: 2007-05-19 18:12:12 through 2010-05-18 18:12:12
>      key type: 4096 bit RSA
>     key usage: [error: No value]
>  chain length: [error: No value]
> ============================================
>
> However, when I am examining the email.crt certificate I created with
> openssl x509, which I later fed into openssl pkcs12 to create the pkcs12
> certificate everything seems to be in order:
> ============================================
> Certificate purposes:
> SSL client : Yes
> SSL client CA : No
> SSL server : Yes
> SSL server CA : No
> Netscape SSL server : Yes
> Netscape SSL server CA : No
> S/MIME signing : Yes
> S/MIME signing CA : No
> S/MIME encryption : Yes
> S/MIME encryption CA : No
> CRL signing : Yes
> CRL signing CA : No
> Any Purpose : Yes
> Any Purpose CA : Yes
> OCSP helper : Yes
> OCSP helper CA : No
> ============================================
>
> Any ideas what I've done wrong?

Hmm, I wonder if this is just a Kmail bug . . . I have tried decoupling the 
key and the certs from the pkcs12 bundle and imported them manually using 
gpgsm but the same errors come up.
-- 
Regards,
Mick

Attachment: pgpRLyIHDajdV.pgp
Description: PGP signature

Reply via email to